At the Chaos Communication Congress late last year, researcher and radio amateur Jacek Lipkowski presented the results of his experiments involving exfiltration of data from an isolated network by means of the background electromagnetic radiation generated by network equipment. Lipkowski’s presentation may be show more ...
Welcome to the first episode of the Kaspersky Transatlantic Cable podcast of 2021. Unfortunately, COVID-19 is still here, but so are we (take that how you will). First, we have to pour one out for Adobe Flash. The much-maligned platform, which is almost as old as the Internet itself, has finally been put out to show more ...
Researchers at Morphisec Labs have published fresh details about a malware variant called JSSLoaderwritten in the .NET language, that the FIN7 hacking group has used for several years.
Ho Mobile, an Italian mobile operator, owned by Vodafone, has confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers.
This development is being driven by the many immediate gains that can be achieved using machine learning models in diverse domains, from image recognition to credit risk prediction.
Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients, the BleepingComputer reported.
According to a new report by Check Point Research, cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally.
North Korean hacking group Thallium aka APT37 has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week.
This week a threat actor leaked data of 10,000 Mexico-based American Express credit cardholders on a forum. The finding was brought to light by threat intelligence analyst, Bank Security.
The plan sets forth how the United States government will defend the American economy through enhanced cybersecurity coordination, policies and practices, aimed at mitigating maritime cyber risks.
The campaign, first detected in December, is believed to have claimed over 6,500 victims based on the number of unique visitors to the Pastebin pages used to locate the command and control servers.
Caveonix, which was founded in 2017, announced it has raised $7.3 million in Series A funding. The round was led by First In Capital, as well as other early investors in the company.
Scammers coordinating these attacks are also actively attempting to convince potential victims to install remote administration and desktop sharing software to steal the targets' banking information.
A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.
A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.
A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned.
COVID-19 vaccine scams offering cheap and quick shots are on the rise, according to European and U.S. government officials who are warning the public of fraudsters out for money and personal data.
Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document.
Attackers leverage holes in default security configurations on Magento stores to inject a CSS code that has the capability to siphon off the credit card details of unsuspecting users.
The funding round was led by NightDragon and global investment firm Francisco Partners. The fresh financing will be spent on supporting the company's "rapid growth" in a market it says is worth $25bn.
Each Babuk Locker executables analyzed by BleepingComputer has been customized on a per-victim basis to contain a hardcoded extension, ransom note, and a Tor payment URL.
A new worm written in Golang turns Windows and Linux servers into XMRig Miner. Researchers say it may be preparing to target additional weak configured services in its future updates.
Experts reveal the StrongPity APT group could have links with state-sponsored campaigns with the ability to search and exfiltrate multiple files or documents from the victim’s machine.
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.
The National Security Agency (NSA) has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants.
Ubuntu Security Notice 4677-2 - USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.
This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server (WinRM) every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allows to show more ...
WinAVR version 20100110 suffers from an insecure folder permissions vulnerability.
Ubuntu Security Notice 4682-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
Newgen Correspondence Management System (corms) eGov version 12.0 suffers from an insecure direct object reference vulnerability.
Ubuntu Security Notice 4681-1 - Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service. It was discovered that the console keyboard driver in the Linux kernel show more ...
WordPress Litespeed Cache plugin version 3.6 suffers from a cross site scripting vulnerability.
Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone show more ...
Responsive E-Learning System version 1.0 suffers from a persistent cross site scripting vulnerability.
Responsive E-Learning System version 1.0 suffers from a remote shell upload vulnerability.
Red Hat Security Advisory 2021-0028-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only show more ...
WordPress WP24 Domain Check plugin version 1.6.2 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 4680-1 - It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the binder IPC implementation in the show more ...
Expense Tracker version 1.0 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 4679-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local show more ...
IPeakCMS version 3.5 suffers from a blind remote SQL injection vulnerability.
IObit Uninstaller version 10 Pro suffers from an unquoted service path vulnerability.
Ubuntu Security Notice 4678-1 - It was discovered that the AMD Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not show more ...
dirsearch version 0.4.1 suffers from a CSV injection vulnerability.
Advanced Webhost Billing System version 3.7.0 suffers from a cross site request forgery vulnerability.
The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and
"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The show more ...
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT)
Have you been emailed a file claiming to be video evidence of a Donald Trump sex scandal? Don't click!
Please join me on Tuesday 12 January, for a live webinar where I will be discussing ransomware, with the lovely folks from Cloudian.
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By show more ...
