Apple has released a security update to close three zero-day vulnerabilities: CVE-2021-1780, CVE-2021-1781, and CVE-2021-1782. Because Apple believes unnamed cybercriminals are already exploiting those vulnerabilities, the company advises all iOS and iPadOS users to update their operating systems. The vulnerabilities show more ...
U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. show more ...
Authorities across Europe on Tuesday said they’d seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections. First show more ...
Police in the Netherlands have arrested two health ministry workers for allegedly stealing COVID-19 patient data from the agency's systems and offering it for sale online.
The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA.
"This incident is related to Accellion software used by ASIC to transfer files and attachments," the corporate regulator said in a notice posted on the evening before a public holiday.
BEC scammers targeted victims' out-of-office replies and read receipts during the 2020 holiday season, when many took time off work and automatic replies were more prevalent, researchers report.
Norway's Data Protection Authority said on Tuesday it plans to fine dating app Grindr about $11.7 million for what the regulator said was illegal disclosure of user data to advertising firms.
A relatively small number of groups seem to dominate the cybercrime market, offering their malware on a rental basis, while taking a chunk of profits and using money laundering to cover their tracks.
Addressing these risks is imperative for the public and private sectors, as evidenced by recent high-profile attacks, presumably by Russia, that impacted multiple government agencies and corporations.
FireEye recently encountered various phishing campaigns, mostly in the Americas and Europe, using WOFF-based substitution cypher, localization specific targeting, and various evasion techniques.
Soaring bitcoin rates are motivating a large number of cybercriminals to resort to cryptomining, which has increased by 53% quarter-on-quarter in the final three months of 2020, as per a report by Avira.
Compared to previous campaigns, the Tuesday report suggests that this most recent variant comes packed mostly with the same deadly arsenal of tools that have come before.
According to the FBI’s Internet Crime Complaint Center, bait and switch cases by online Chinese vendors targeting Oregonians have increased by 30 percent since June 2020.
According to a report in Motherboard, the person selling the database full of Facebook users' phone numbers ($20 per number) lets customers lookup those numbers by using an automated Telegram bot.
Apple on Tuesday released updates for devices running iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild.
Mission Secure's Series B funding round is co-led by IREON Ventures Ltd., Energy Innovation Capital, and Blue Bear Capital Partners. This brings the company's total funding to date to $22.5 million.
A major vulnerability impacting a large chunk of the Linux ecosystem has been patched today in Sudo, an app that allows admins to delegate limited root access to other users.
A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said.
The "pay or get breached" ransomware trend — also known as the "double extortion" scheme — took off in 2020, despite the prolific Maze Team's announcement that it would be discontinuing operations.
Mobile devices commonly run a variety of applications that have the potential to contain exploitable vulnerabilities or deliberate malicious behaviors that exploit specific app permissions.
Kaspersky’s industrial cybersecurity researchers analyzed a list of nearly 2,000 domains impacted by Sunburst and estimated that roughly 32% of them were associated with industrial organizations.
Cyware's threat intel experts are hosting a webinar on 28th January 2021. The webinar will cover interesting discussion points around threat intelligence, where and how it fits into a mid-market security model, and what challenges teams face.
Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.
Ivanti is acquiring Cherwell to expand the reach of its Neurons platform, providing end-to-end service and asset management from IT to lines of business and from every endpoint to the IoT edge.
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders.
The impact of a ransomware attack can be devastating. The average attack can cost over $1 million. It can take a company offline for 5-10 days, costing millions more in lost productivity and damages.
Ransomware continues to be one of the most impactful threats. Aside from vulnerabilities, its primary delivery method remains phishing emails, with links or attachments containing early-stage loaders.
When the tool is loaded, it leverages the LeafPHP mailer library to distribute the spam. It contains various text fields that allow the attacker to input custom data for important email fields.
The deal will bolster its Detect and Respond cyber client offering with R9B’s deeply experienced cyber operations professionals and its award-winning threat-hunting and risk assessment solutions.
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. An attacker can use a specially crafted HTTP request to trigger a denial of service condition.
DeRusha’s appointment, first reported by CyberScoop, was made public on his LinkedIn profile on Monday night, and confirmed by acting Federal Chief Information Officer Maria Roat on Tuesday.
The new NAT Slipstreaming attack variant builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet.
It can allow cybercriminals to carry out SMSishing, SIM Swapping attacks, and identity scams while State-backed actors can use the data for all sorts of malicious purposes.
A warning has been issued by the UK's NCA and FCA on a rise in clone company scams targeting those looking for investment opportunities to recover financially from COVID-19.
Avaddon ransomware actors reportedly launched a DDoS attack against one of its victims' websites to put the victim organizations under pressure of negotiating the ransom payment.
Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8.
Emotet, which is distributed through an automated process, is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it.
Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.
STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.
Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.
Constructor.Win32.SpyNet.a malware suffers from a remote password leak vulnerability.
Backdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
Backdoor.Win32.DarkKomet.apbb malware suffers from an insecure permissions vulnerability.
Gentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.
Gentoo Linux Security Advisory 202101-32 - A weakness was discovered in Mutt and NeoMutt's TLS handshake handling. Versions less than 2.0.2 are affected.
Gentoo Linux Security Advisory 202101-31 - A vulnerability in Cacti could lead to remote code execution. Versions less than 1.2.16-r1 are affected.
Apple Security Advisory 2021-01-26-4 - Xcode 12.4 addresses a path handling issue.
Apple Security Advisory 2021-01-26-3 - watchOS 7.3 addresses a race condition vulnerability.
Apple Security Advisory 2021-01-26-2 - tvOS 14.4 addresses a race condition vulnerability.
Apple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.
Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0221-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0224-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0227-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0225-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0218-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0220-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0226-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the
Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts. How can organizations bolster the
Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal
With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images.
Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined
The Federal Trade Commission is warning computer users not to be fooled by a website that appears to have stolen the look-and-feel of the genuine FTC in an attempt to defraud consumers.
Apple is encouraging owners of iPhones and iPads to update their devices to the latest version of iOS and iPadOS in order to protect against serious vulnerabilities that could have already been actively exploited by malicious hackers.
Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals. Read more in my article on the Hot for Security blog.
