The effect of COVID-19 has, I think we can all agree, been felt throughout the whole world and throughout all faucets of everyday life. From lockdowns to face masks — we’ve all had to make changes to our everyday life. However, lockdown life was generally predicted to bring about a positive shift in the show more ...
A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the show more ...
Indelible discovered the “PushBug” campaign, which is a highly resilient operation, spread across more than 100 domains and installing browser-based activity that is difficult to detect.
During a routine dark web monitoring, researchers from Cyble found a leak of over 500,000 records of C-level executives from Capital Economics on a Russian-speaking forum.
The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend.
Excellus Health Plan, Inc. has agreed to pay $5.1m to the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) to settle potential HIPAA violations.
The UK’s Ministry of Defense (MoD) experienced an 18% rise in personal data loss incidents in the financial year 2019/20, according to official figures analyzed by the Parliament Street Think Tank.
Joker’s Stash, which is by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021.
Forums of the Windows utility developer IObit were hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.
The company wrote to customers mid-last week to inform them of a "breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.
Microsoft is stepping up security for users of Microsoft Defender for Endpoint by changing a key setting, switching the default from optional automatic malware fixes to fully automatic remediation.
Symantec identified another malware strain that was used during the SolarWinds supply chain attack, bringing the total number to four, after the likes of Sunspot, Sunburst (Solorigate), and Teardrop.
Its current targets include TerraMaster data storage units, web applications built on top of the Zend PHP Framework, and websites running the Liferay Portal content management system.
The governor of New Zealand's Reserve Bank, the nation's central bank, says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information.
Google Cloud's first chief information security office (CISO) has revealed that Google's cloud venture does use software from vendor, SolarWinds, but says its use was "limited and contained".
The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in the DNS architecture, making Dnsmasq servers powerless against a range of attacks.
Infosec researchers recently found a zero-day flaw in Windows 10, including the latest version, that allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.
A new Russian cybercrime outfit dubbed Classiscam has been found to have enabled theft of millions of dollars through a new scam-as-a-service operation.
Attackers often target DNS via attacks such as tunneling, phishing, hijacking, cache poisoning, and DDoS, however, other attack methods have also been observed.
Since Active Directory is used as a source from which to sync to other identity stores, any tampering with Active Directory can cause a devastating ripple effect across your identity infrastructure.
Using the ongoing adoption of the REAL ID Act of 2005 in an attempt to make the scam sound legitimate, the attackers have used three specific text phishing messages, the New York State DMV said.
FireEye released a free tool on GitHub named Azure AD Investigator that can help companies determine if the SolarWinds hackers (aka UNC2452) used any of their attack techniques inside their networks.
The theft occurred after hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoins, a cyber currency, to “recover files”.
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
Backdoor.Win32.NetBull.11.a malware suffers from a remote buffer overflow vulnerability.
Email-Worm.Win32.Agent.gi malware suffers from a remote stack buffer overflow vulnerability.
Constructor.Win32.SMWG.c malware suffers from an insecure permissions vulnerability.
Constructor.Win32.SMWG.a suffers from an insecure permissions vulnerability.
Newfuture Trojan V.1.0 BETA 1 malware suffers from an insecure permissions vulnerability.
Red Hat Security Advisory 2021-0155-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.
Red Hat Security Advisory 2021-0154-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.
Ubuntu Security Notice 4699-1 - It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2021-0153-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.
Red Hat Security Advisory 2021-0190-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2021-0156-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.
Red Hat Security Advisory 2021-0151-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0152-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0150-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0187-01 - Red Hat OpenShift Virtualization release 2.5.3 is now available with updates to packages and images that fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.
Ubuntu Security Notice 4698-1 - Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that show more ...
Red Hat Security Advisory 2021-0189-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0183-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0184-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0181-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Ubuntu Security Notice 4697-1 - It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. It was discovered that Pillow show more ...
Red Hat Security Advisory 2021-0037-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.12.
Red Hat Security Advisory 2021-0039-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2021-0167-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that
The Scottish Environment Protection Agency (SEPA) has confirmed that it is continuing to respond to an ongoing ransomware attack that has encrypted files, disrupted systems and seen 1.2 GB of data stolen by cybercriminals. Read more in my article on the Hot for Security blog.
