In episode 192 of the Kaspersky Transatlantic Cable podcast, Jeff and I discuss a new ransomware attack with a surprising doxing angle. From there we move to a story on Threatpost about Google’s decision to begin removing third-party tracking cookies from its browser and turning to a controversial technology called Federated Learning of Cohorts (FLoC). After that, we talk about deepfakes and their potential for business opportunities, as well as the many concerns people still have about them. To wrap up, we briefly touch on a breaking-news story about the European Banking Authority being hit by a Microsoft Exchange attack. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
Ransomware gang fully doxes bank employees in extortion attempt
Ransom: To pay nothing or not to pay? That is the question
Critics blast Google’s aim to replace browser cookie with ‘FLoC’
‘Deepfake is the future of content creation’
Zero-day vulnerabilities in Microsoft Exchange Server
A year ago, on March 11, the World Health Organization officially declared a pandemic. Each of us has spent the past year differently, extracting our own unique experiences. But some things common to all can be generalized. We shan’t dwell on the bad. Instead, let’s focus on the good. What useful lessons have we learned over the past 365 days?

1. Washing hands, and not only before eating
It took a mere 3,000 years for the masses to take the ideas of Hippocrates and Avicenna to heart. Now that’s what I call progress. These days, we have learned not only to wash our hands but that phones are also cleanable. Isopropyl alcohol is the best way to get the germs off our smart devices. Leaving aside for one moment the microbiological aspect, humankind has realized that Instagram pics look far better on a clean screen than on a dirty one. Also, the removal of ancient layers of sediment from the speaker and microphone greatly improves sound quality (note: Blu Tack is all you need).

2. Wearing masks
Some countries developed this practice a little earlier than others, but global public adoption of masks really happened in 2020. Few would argue that being considerate of others in the event of a sneezing fit is both easy and the right thing to do. But pre-2020, to appear in a mask in public in Europe or the Americas was to declare yourself a weirdo — the equivalent of, say, walking down the street in your birthday suit. Today, the opposite is true: Most people now feel uncomfortable if they are not masked up.

3. Working in your PJs (or not)
Working from home has made us more relaxed about some things. Some folks may still strut around the house in patent-leather shoes — hey, whatever floats their boat — but for most people, an end to the office dress code was overdue. What used to be considered a nightgown is now smart casual. Fashion scales have tipped heavily in favor of the webcam-visible top half of one’s outfit over the bottom. Brands have started printing their logos right under the throat, and we’re just waiting for the return of dickeys. However, we digress. The main point is that we have become less stressed about at least one aspect of our appearance.

4. Being your own IT
When tech support is far away, you quickly learn useful IT admin skills for you and your household. Wi-Fi doesn’t reach the kitchen? No problem. Webcams out of stock? Try a car phone holder plus an old phone. Browser buried under push notifications? Disable ’em and revel in your newfound digital peace. At this rate, tech support may soon be out of a job.

5. Muting your microphone in Zoom
Actually, no, this one’s wishful thinking. Not everyone has mastered this key skill — we still hear heavy breathing and worse during group calls. But most of us, when joining the next in a long line of video calls, reflexively turn off the microphone and camera. This is clear progress. Seriously, though, humanity has become far more adept at communicating and interacting remotely. What used to require a face-to-face meeting and a long search for an empty conference room (or even a transcontinental flight) is now far more doable, even on the spur of the moment.

6. Living with family/roommates
That’s living, not simply seeing each other twice a day. Constant contact turned out to be harder than expected, and not everyone is skilled in this discipline. That said, lots of people have discovered new avenues of interaction with household members.

7. Missing out on water-cooler talk
Some are still reeling from this one, but perhaps it’s made our working hours more efficient?

8. Appreciating the comforts of home
Personal problems in the “it can wait” category have assumed a new urgency. When your home is your world, putting things off only causes more suffering down the line. For example, one of our colleagues confessed that only a couple of months ago she decided to buy herself a work desk. Now she wishes she hadn’t waited so long!

9. Keeping it simple
You don’t have to fly halfway around the world to enjoy yourself. A neighborhood nature walk may not be quite as exciting as an exotic safari, but experiencing local life with fresh eyes ain’t too shabby. We can’t put a huge smile on this one; we do miss travel a lot and really look forward to getting away again, but in the meantime, we can all discover new sights in a familiar environment.

10. Adapting to changes
Much of the past year has been scary and unpleasant, but at the right dose, even poison can be medicinal. The pandemic has knocked us out of our usual patterns and forced us to adapt. We can but hope that, as life normalizes, we hang onto our useful COVID adaptations for a long time to come.
The current approaches most organizations take towards security are not good enough, writes Albert Zhichun Li, the Chief Security Scientist at Stellar Cyber. Something has to change. The post Futility or Fruition? Rethinking Common Approaches To Cybersecurity appeared first on The Security Ledger.
Related Stories: Containers Complicate Compliance (And What To Do About It); PKI Points the Way for Identity and Authentication in IoT; What’s Good IAM? The Answer may depend on your Industry
The attack affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday.
An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers.
The transaction included both primary and secondary offerings, with the company getting $175 million in new capital. That brings the total raised by Snyk, which was founded in 2015, to $470 million.
A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin.
The Ramat Gan, Israel-based cloud security startup said it needs to keep improving its product, acquiring additional customers, and educating the market about cloud-native security.
Intel announced that it has signed an agreement with Defense Advanced Research Projects Agency (DARPA) to perform in its Data Protection in Virtual Environments (DPRIVE) program.
Hackers have infiltrated the Norwegian Parliament’s computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public.
Cyber insurance provider Corvus on Wednesday announced that it has raised $100 million in a Series C funding round. To date, the company has raised a total of $147 million.
Researchers at Check Point recently discovered that the operator of a mobile malware tool was employing a novel new method to sneak its malware into Google's official Android Play mobile app store.
Alert overload still plagues the cybersecurity industry, according to Critical Start. 47% of respondents reported personally investigating 10 to 20 alerts each day, a 12% increase from 2019.
A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to Bitdefender research published Wednesday.
Datto announced that it has acquired BitDam. BitDam’s cyber-defense platform secures collaboration tools, such as M365 and Google Workspace, from ransomware, malware, and phishing.
Security and automation vendor F5 has warned of seven patch-ASAP-grade vulnerabilities in its Big-IP network security and traffic-grooming products, plus another 14 vulnerabilities worth fixing.
Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
A total of 15 vulnerabilities affecting Netgear switches that use the ProSAFE Plus configuration utility were found to expose users to various risks, according to researchers with NCC Group.
The CISA will take over the day-to-day management of the official .gov top-level domain in April, adding a greater emphasis on security for the domains used for government websites.
The Lazarus Group was spotted using the MATA framework, which it has been using since 2019, to deploy the TFlower ransomware. It has claimed a dozen victims so far.
While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that NimzaLoader is a disparate strain.
The advice was provided in Locked Out: Tackling Australia's ransomware threat, which is a 14-page document [PDF] prepared by the Cyber Security Industry Advisory Committee.
The U.S. FINRA has warned brokerage firms and brokers against an ongoing phishing campaign impersonating the agency and sending fake compliance audit alerts to pilfer information.
Microsoft and FireEye uncover three more malware strains associated with the suspected Russian perpetrators who breached the SolarWinds software between August and September 2020.
A Vietnamese security researcher has published today the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon.
Considering the duplication and behavioral differences between the two groups, Intezer researchers argue that QNAPCrypt may have been transferred to the SunCrypt operator and upgraded.
Multiple zero-day exploits (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) were used to launch attacks against on-premise versions of Microsoft Exchange Server.
An analysis on the state of cybersecurity in schools across the US, titled "The State of K-12 Cybersecurity: 2020 Year in Review," has revealed a record-breaking number of security incidents in 2020.
sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log.
The results from an NCC Group survey show that 40% of respondents froze recruitment in cyber, 29% made redundancies and one in five furloughed staff responsible for cyber resilience programs in 2020.
At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, ESET said in a blog post on Wednesday.
The analysis focused on Prime+Probe, a cache side-channel attack method that can detect which cache sets are accessed by the target and uses that to infer potentially valuable information.
Scammers have started targeting Wall Street investors to earn seven times more money than a normal BEC scam by using fake capital calls notices requesting payment for counterfeit investments.
After the release of a proof-of-concept for a new dependency confusion vulnerability by a researcher, hundreds of bogus npm packages have popped up targeting Amazon, Zillow, Lyft, and Slack NodeJS apps.
NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
Red Hat Security Advisory 2021-0808-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Issues addressed include a use-after-free vulnerability.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
The bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.
Big IP's Traffic Management Microkernels (TMM) URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition.
Red Hat Security Advisory 2021-0809-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2021-0713-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and
Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized, businesses often accept the default values for their organization. The Windows default password
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal
Is it the end of the road for John McAfee? Is PornHub more legitimate than Facebook? And do you know as much as you think you do about the Microsoft Exchange Server mega-hack? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Police in the Netherlands and Belgium have made hundreds of raids, and arrested at least 80 people, after cracking into an encrypted phone network used by organised criminals. Read more in my article on the Tripwire State of Security blog.
A hacking group has gained access to the feeds of 150,000 surveillance cameras used inside businesses, schools, police departments, hospitals, and well-known companies. Read more in my article on the Bitdefender BOX blog.