The days when antivirus solutions were only required on Windows are long gone, as pretty much any operating system out there is now being targeted by malicious actors out there. Android obviously makes no exception, and it’s not just because you can install applications from outside the Google Play Store using the show more ...
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation-states. The spyware was silently delivered, likely over iMessage.
The new platform launched by Europol and the European Commission includes both software and hardware tools to provide help in accessing the encrypted material for law enforcement investigations.
A Nepal-based IT security researcher Saugat Pokharel identified a Facebook bug that exposed the private data of Instagram users, including their email addresses and birthdays.
“NATO also has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational,” an unnamed NATO official told AFP.
Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with over 30 vulnerability exploits, concerning Linux systems, IoT devices, and open-source components.
Branches of Co-op in the south of England have been using real-time facial recognition cameras to scan shoppers entering stores. It was quietly introduced for limited trials during the last 18 months.
Sen. Mitt Romney (R-Utah) called for a response to a cyberattack on U.S. government systems on Sunday, and said that Russia should face consequences for its alleged involvement.
The blob containing 587,000 customer files was operated by Surrey-based app developer Probase, and appeared to be in the public cloud underpinning one of its CRM products.
The CERT-In confirmed the vulnerability and replied on email in September to say that the authorities had been intimated about the issue, and Telangana IT Secretary Jayesh Ranjan assured a fix.
Researchers have discovered five new attack techniques, all of which can be launched from zero-permission malicious Android apps, and one can even work against all apps that integrate fingerprint API.
Ledger was quick to acknowledge the breach revealing that the stolen data contained email addresses full names, postal addresses, phone numbers, and details related to products ordered by customers.
At present, individuals are only permitted to change their personal ID numbers in exceptional cases, and the new law will tighten regulations and controls around secure handling of personal ID codes.
A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan (RAT) on compromised e-commerce sites.
TinyCheck is open source software designed to be used on a Raspberry Pi with WiFi dongle and touchscreen. It was developed by Félix Aimé, a senior security researcher at Kaspersky Lab.
Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) affected by the Amnesia:33 vulnerabilities.
This latest cash infusion comes after roughly a year, during which time OneTrust grew its customer base to more than 7,000 organizations across 100 countries, up from 3,000 as of July 2019.
We still don't know the full harm done by Sunburst, the splendidly evil hack of its Orion network monitoring platform, but it was global in scope, deep in reach, and hit only the highest-value assets.
It's vital that all countries follow international rules and norms if deploying cyber weapons, but some nations aren't being responsible when it comes to how they use cyber powers, officials said.
As the global pandemic in the year 2020 accelerated trends like remote working and digital transformation, it has also created new cybersecurity challenges for organizations.
Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices.
According to researchers at Armis, around 97 percent of the OT devices affected by URGENT/11 (a group of vulnerabilities) are not patched, even though fixes are being delivered.
Palo Alto’s Unit42 research team has recently found hacking group AridViper (aka APT-C-23) dropping a new malware called PyMicropsia to target victims in the Middle Eastern region.
The threat actors were successful in gaining access to Subway UK customers' names and email addresses by hacking a Subcard server responsible for its email campaigns.
In recent months, there has been a barrage of zero-day vulnerabilities affecting popular software and devices, including several WordPress plugins, VMware products, Google Chrome, and others.
Security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant Supernova and CosmicGale malware on corporate and government networks.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant show more ...
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.
Red Hat Security Advisory 2020-5614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2020-5645-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.
Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.
Red Hat Security Advisory 2020-5642-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Online Marriage Registration System version 1.0 suffers from a remote SQL injection vulnerability.
Sony Playstation 4 versions prior to 6.72 ValidationMessage::buildBubbleTree() use-after-free webkit code execution proof of concept exploit.
Sony Playstation 4 versions prior to 7.02 ValidationMessage::buildBubbleTree() use-after-free webkit code execution proof of concept exploit.
Red Hat Security Advisory 2020-5644-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Point of Sale System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Red Hat Security Advisory 2020-5641-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2020-5616-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a buffer overflow vulnerability.
Whitepaper that discusses secure coding practices and touches on security principles.
Queue Management System version 4.0.0 suffers from a persistent cross site scripting vulnerability.
estr2bc is a python script to convert arbitrary string input to Erlang bytecode.
Red Hat Security Advisory 2020-5640-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2020-5639-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2020-5638-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
Red Hat Security Advisory 2020-5637-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
SCO Openserver version 5.0.7 suffers from a command injection vulnerability.
SCO Openserver version 5.0.7 suffers from a cross site scripting vulnerability.
Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3
A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS
The details of Ledger hardware wallet customers provide a golden opportunity for criminals to scam the unwary. Read more in my article on the Hot for Security blog.
Many thanks to the great folks at AV-Comparatives, who have sponsored my writing for the past week. Anti-malware testing lab AV-Comparatives carries out independent intensive tests of security software, and has just published its long-term test report into the performance of business and enterprise endpoint security show more ...
