Some professions are simply more susceptible to cyberattacks than others, regardless of the type of business. Today, we’re focusing on the cyberthreats aimed at professionals who work in human resources. The simplest, but far from the only, reason is that HR employees’ e-mail addresses are published on corporate sites for purposes of recruitment — they’re easy to find.

Cyberthreats targeting HR

In human resources, employees occupy a rather unusual position: they receive mountains of correspondence from outside the company, but they also tend to have access to personal data that the company cannot afford to leak.

Incoming mail

Typically, cybercriminals penetrate the corporate security perimeter by sending an employee an e-mail containing a malicious attachment or link. That’s why we always advise readers not to open suspicious e-mails with attachments or click on links sent by unknown individuals. For an HR professional, that advice would be ridiculous. The majority of external e-mails they get are likely to be from strangers, and many include an attachment with a résumé (and sometimes a link to sample work). As a guess, we’d say at least half of them look suspicious. Moreover, portfolios or samples of past work sometimes come in uncommon formats, such as highly specialized CAD program files. The very nature of the job requires HR employees to open and review the contents of such files. Even if we forget for the moment that cybercriminals sometimes disguise a file’s true purpose by altering the file extension (is it a CAD file, RAW photos, a DOC, an EXE?), not all such programs are kept up to date, and not all have been thoroughly tested for vulnerabilities. Experts often find security holes that allow arbitrary code execution even in widespread, regularly analyzed software, such as Microsoft Office.

Access to personal data

Large companies might have a variety of specialists responsible for communication with job seekers and for work with current employees, but small businesses are more likely to have just one HR rep for all occasions. That one person most likely has access to all personnel data held by the company. Either way, if you’re looking to cause trouble, compromising just the HR specialist’s mailbox usually does the trick.
Applicants who send résumés might explicitly or tacitly give a company permission to process and store their personal data, but they’re definitely not agreeing to hand it over to unknown outsiders. Cybercriminals can leverage access to such information for blackmail. And on the topic of extortion, we also must consider ransomware. Before depriving the owner of access to data, the latest strains often steal it first. If that sort of malware lands on an HR computer, the thieves can hit a personal data jackpot.

A foothold for more convincing BEC attacks

Relying on credulous or uneducated employees to make mistakes is risky. The more difficult but more effective business e-mail compromise (BEC) attack is now a major player. Attacks of this type often aim to seize control of an employee’s mailbox and convince their colleagues to transfer funds or forward confidential information. To ensure success, cybercriminals need to hijack the mail account of someone whose instructions will probably be followed — most often, an executive. The active phase of the operation is preceded by the long and painstaking task of finding a suitably high-ranking employee. And here, an HR mailbox may come in very handy indeed. On the one hand, as mentioned above, it is easier to get HR to open a phishing e-mail or link. On the other hand, company employees are likely to trust an e-mail from human resources. HR regularly sends applicants’ résumés to department heads. Of course, HR also sends internal documents to the company at large. That makes a hijacked HR mail account an effective platform for launching a BEC attack and for lateral movement across the corporate network.
How to protect HR computers

To minimize the likelihood of intruders penetrating the HR department’s computers, we recommend following these tips:

- Isolate HR computers on a separate subnet if possible, minimizing the likelihood of threat spread to the corporate network even in the event that one computer gets compromised.
- Do not store personally identifiable information on workstations. Instead, keep it on a separate server or, better yet, in a system made for such information and protected with multifactor authentication.
- Heed HR professionals’ advice regarding cybersecurity awareness training for the company — and place them first in line for that training.
- Urge HR reps to pay close attention to the formats of files sent by applicants. Recruiters should be able to spot an executable file and know not to run it. Ideally, work together to draw up a list of acceptable file formats for résumés and work samples, and include that information in listings for bona fide applicants.
- Last but by no means least, adhere to basic security practices: update software on HR computers in a timely manner, maintain a strict and easy-to-follow password policy (no weak or duplicate passwords for internal resources; change all passwords regularly), and on every machine install a security solution that responds promptly to new threats and identifies attempts to exploit vulnerabilities in software.
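As an added illustration (not part of the original article), the following Python routine automates two of the tips above: it checks an incoming attachment against an agreed allow-list of résumé formats and compares the declared extension with the file's magic bytes, so a renamed executable or a misrepresented document is flagged before anyone opens it. The allow-list, the signature table and the sample files are constructed for this example.

```python
"""Attachment triage for an HR inbox: compare a file's declared extension with
its magic bytes and with the list of résumé formats HR agreed to accept."""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed allow-list of résumé / work-sample formats (constructed for this example).
ALLOWED = {"pdf", "docx", "odt", "txt"}
# Container each allowed extension must actually be ("text" = decodable, no NULs).
EXPECTED = {"pdf": "pdf", "docx": "zip", "odt": "zip", "txt": "text"}
# Magic bytes -> container. docx/odt are ZIP containers, so the check proves only
# "this is a ZIP", which is still enough to catch an executable renamed to .docx.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy binary .doc/.xls
    (b"MZ", "exe"),                                # Windows PE executable
]
# Extensions never to open from an applicant, whatever the file claims to be.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1", "msi", "dll", "lnk"}


@dataclass
class Verdict:
    action: str  # "accept", "review" (hand to IT before opening) or "quarantine"
    reason: str


def sniff(data: bytes) -> str:
    """Identify the container from its leading bytes, not from its name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    if data and b"\x00" not in data:
        try:
            data.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def triage(filename: str, data: bytes) -> Verdict:
    suffixes = [s.lstrip(".").lower() for s in PurePosixPath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""
    kind = sniff(data)
    # 1. Executable by name (including resume.pdf.exe) or by content: quarantine.
    if ext in EXECUTABLE or kind == "exe":
        return Verdict("quarantine", f"executable (extension .{ext}, signature {kind})")
    # 2. Formats outside the agreed list (e.g. a CAD drawing) are not opened at
    #    the desk; they go for review so the real format can be established.
    if ext not in ALLOWED:
        return Verdict("review", f".{ext} is not an agreed résumé format")
    # 3. Allowed extension whose contents are a different known format: disguised.
    if kind != EXPECTED[ext]:
        if kind == "unknown":
            return Verdict("review", f".{ext} claimed but signature not recognised")
        return Verdict("quarantine", f".{ext} claimed but content is {kind}")
    return Verdict("accept", f".{ext} matches its {kind} signature")
```

The signature table is deliberately short; a production mail gateway would use a full file-type library, but the decision logic (name, content and allow-list must all agree) stays the same.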
ProtonMail, Threema, Tresorit, and Tutanota together issued a joint statement this week declaring that a resolution the European Council adopted on December 14 is ill-advised.
New Zealand’s financial markets regulator said the country’s stock exchange operator’s systems were “insufficient” following a probe into the multiple outages and cyber attacks last year.
The emergence of the everywhere enterprise has shifted CISO priorities away from combating network security threats and towards mitigating mobile security risks, Ivanti reveals.
Researcher RyotaK discovered a vulnerability in VS Code's Continuous Integration (CI) script that let him break into Microsoft VS Code's official GitHub repository and commit files.
The TeamTNT cybercrime group is known for cloud-based attacks, including targeting Amazon Web Services (AWS) credentials in order to break into the cloud and use it to mine the Monero cryptocurrency.
The U.S. CISA issued a security advisory to warn industrial organizations of some high severity flaws in SCADA/HMI products made by Japanese electrical equipment company Fuji Electric.
An Infoblox report reveals a disruptive year of workforce transformation forced by COVID-19 shutdowns during which respondents also handled expensive fallouts from network outages and data breaches.
LogoKit installs were identified on 300 plus domains over the past week and more than 700 sites over the past month. LogoKit relies on sending users phishing links that contain their email addresses.
The advisory covers actors that have been designated under the scope of Office of Foreign Assets Control’s cyber-related sanctions program, including Cryptolocker, SamSam, WannaCry 2.0, and Dridex.
The U.S. DoJ announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks.
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Researcher Paul Litvak discovered an unpatched vulnerability in Microsoft Azure Functions that could be used by attackers to escalate privileges and escape the Docker container used for hosting them.
Made public by self-described security researcher Shoeb ‘CaptainFreak’ Patel on January 23, the research suggests that Express.js may be susceptible to local file read errors.
For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — amounting to $10 billion over the last 12 months.
Delegating password reset permissions in Active Directory: Microsoft Active Directory contains a feature that allows delegating permissions to certain users or groups to carry out very granular tasks.
Google has finally brought Web Authentication (WebAuthn) passwordless authentication to Chrome OS to allow users to sign in to websites with a PIN or fingerprint used to unlock a Chromebook.
Many experts say that smaller cities, rural areas, and socio-economically struggling neighborhoods genuinely suffer from a shortage of local cyber talent, often due to a lack of on-the-job experience.
Stack Overflow has published details of a breach from May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move.
Throughout 2020, businesses have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work and navigate a rapid adoption of automation technologies.
Newly discovered security vulnerabilities in ADT's Blue (which was formerly known as LifeShield) home security cameras could have been exploited to hijack both audio and video streams.
The U.S. has struck a rare blow against an international ransomware gang, charging one alleged member of a hacker ring that has shut down health care facilities, colleges, and utilities companies.
The FTC issued a unique consumer alert this week, warning that scammers pretending to be the U.S. regulatory agency have been attempting to bilk the public out of their bank accounts and life savings.
The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5 million in 2019, according to NetScout's Atlas Security Engineering and Response Team.
Breaches and leaks of sensitive information from organizations doubled last year, even as consumer concerns over data privacy surged, according to two new reports published on Data Protection Day.
Although the tactic was unique considering the targeting of security researchers, it is not technically novel. This incident is a reminder to maintain your psychological defenses and stay vigilant.
"Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites," Wordfence said on Wednesday.
Although Microsoft deemed the bug “very difficult” to exploit and therefore only fixed it in Windows 8, researcher Adam Zabrocki says that he was able to rework the attack for use against Windows 7.
Titled, "Online Impersonation Prohibition," House Bill 239 introduced by Rep. Karianne Lisonbee proposes legal consequences for people that "use the name or persona of an individual" without consent.
Apple said that new privacy pop-up notifications will start appearing on most iPhones as soon as early spring, a requirement that major digital ad firms have warned will harm their businesses.
Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen."
The code, its execution, the ways the operators communicate with victims and the threats to the stolen data have been labeled “unprofessional.” This does not mean that the malware is harmless.
This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to poorly validated input in the script name, it is possible to chain it with a user-supplied command, allowing command execution in the context of a privileged user. The module uses the provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a PowerShell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB as included in versions 2020.05 and below of Operations Bridge Manager is affected, but this module can probably also be used to exploit Operations Bridge Manager (containerized) and Application Performance Management.
Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.
Ubuntu Security Notice 4707-1 - It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.
Ubuntu Security Notice 4712-1 - USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem.
Ubuntu Security Notice 4713-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
Ubuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4710-1 - Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service.
Red Hat Security Advisory 2021-0290-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2021-0289-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2021-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
Gentoo Linux Security Advisory 202101-35 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS. Versions less than 4.9.6:4.9.6 are affected.
Gentoo Linux Security Advisory 202101-34 - Multiple vulnerabilities have been found in Telegram, the worst of which could result in information disclosure. Versions less than 2.4.4 are affected.
Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4708-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2021-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery for the vulnerability leveraged is attributed to Fatih Celik in November of 2020.
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the "blue" vulnerabilities within Microsoft systems and, if unpatched, exploit them.
U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom
Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed "Operation Ladybird" — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S.
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login
Google warns security researchers that North Korean hackers are pretending to be their buddies, sensitive information connected to Coronavirus testing is available for sale in the Netherlands, and is a Peeping Tom at your home security provider spying on you through CCTV? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! You’re probably familiar with the shared responsibility model. The basic idea is that public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform keep their platforms secure, … Continue reading "How do most cloud security breaches happen? Orca’s “State of Public Cloud Security” report reveals all"
Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as "the world's most dangerous malware", by taking control of its infrastructure. Read more in my article on the Tripwire State of Security blog.