Although it significantly reduces some cyberthreat risks, virtualization is no more a panacea than any single other practice. A ransomware attack can still hit virtual infrastructure, as ZDNet reported recently, for example through vulnerable versions of VMware ESXi, Using virtual machines is a strong and safe show more ...
In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security program. When we think about cyber threats to show more ...
Black Kingdom ransomware, which was detected in recent ProxyLogon attacks against Microsoft Exchange servers was, at least temporarily, foiled through a simple password change.
Morphisec Ltd., a cybersecurity startup with offices in the U.S. and Israel, today said that it has nabbed $31 million in Series C funding to support expansion initiatives.
The plugin (formerly called Official Facebook Pixel) is used to capture user actions when they visit a page and to monitor site traffic and has been installed on over 500,000 websites.
Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis.
The US Federal Bureau of Investigations has sent out this week a private industry notification to US organizations warning about attacks carried out by the Mamba ransomware gang.
The Ohio-based PDI Group, a major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a Babuk Locker ransomware attack.
Night Lion's analysis revealed the data of 10 million people, including SSNs, bank accounts, and drivers license numbers, and millions more with credit history, medical, and vehicle data.
Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools from Thrive Themes, to upload arbitrary files and compromise vulnerable WordPress sites.
Predominant fleeceware app trends include astrology, horoscopes, photo and filter software, music lessons, cartoon creation, QR code/PDF document scanners, and video clip editing.
After a recent disruptive cyberattack, insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.
The CVE-2020-28243 privilege escalation bug impacting SaltStack Salt minions “allows for a local privilege escalation by any user able to create a file on the minion in a non-blacklisted directory.”
Starting with the mid-April release of Google's Chrome 90 web browser, Chrome will default to trying to load the version of a website that's been secured with a Transport Layer Security (TLS).
A previously unknown threat group is deploying Hades ransomware as part of an ongoing campaign that has already targeted three U.S. companies, Accenture's cyberthreat intelligence group reports.
A bug that may not affect the intended UX in any way can potentially be exploited to make it do something very different than it’s intended. The sharpest hackers read these bugs as vulnerabilities.
The deal will see Kroll, which specializes in governance, risk, and transparency, extend its Kroll Responder capabilities through the addition of Redscan and its XDR-enabled SOC platform.
Almost all of the most popular Android applications use open source components, but many of those components are outdated and have at least one high-risk vulnerability, as per an analysis by Synopsys.
The issue affects servers running OpenSSL 1.1.1 versions with TLS 1.2 and renegotiation enabled, which is the default configuration. The vulnerability was reported by two researchers from Nokia.
Google announced the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets.
In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.
PII security has to be a priority all the time — it's not enough to make sure employees are using good password hygiene, avoiding malicious links and attachments in emails, and so on.
Hornetsecurity Group, a Hanover, Germany-based cloud email security provider, acquired Zerospam, a Montreal, Canada-based email protection company, in a bid to extend its presence in North America.
The archive, containing the purportedly stolen data of 10,930,000 France-based users, includes their names, phone numbers, location coordinates, workplace information, social media profiles, and more.
In wake of the SolarWinds hack, the White House is prepping an executive order to require software vendors to notify federal government customers if they experience a breach.
REvil ransomware group, which recently improved its malware obfuscation techniques, registered its name at the top of the list of highest-ransom demands ever made.
Purple Fox’s worm-like capabilities, which are designed to target Windows machines, use indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes.
This data includes names, home addresses, email addresses, telephone numbers, dates of birth, but also vehicle registration numbers, car makes & models, and license plates.
The University of Northampton announced, in a message posted on Twitter, it had been “working across the network to resolve the issue” and was “sorry for the inconvenience caused”.
A planned Biden administration executive order will require many software vendors to notify federal government customers when they have a cybersecurity breach, according to a draft seen by Reuters.
The data dump shows substantial gun buyer information, including user IDs, full names, email addresses, phone numbers, hashed passwords, and, most alarmingly, physical addresses.
The new update to its Orion networking monitoring tool fixes four security flaws, including two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE).
The exposure of video surveillance by Verkada, a collection of riot videos from Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus, highlight this growing trend.
The increased use of phishing suggests that the tactic is working. This highlights defenders' need to ensure they're taking all technological and training steps possible to block such attacks.
Feedzai, a late-stage fintech startup, is the latest entrant into cybersecurity’s unicorn club after snagging a new $200 million funding round that values the company at more than $1 billion.
Apple has released security updates to address an iOS zero-day bug, tracked as CVE-2021-1879, actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
Russia poses the most acute immediate threat to the United Kingdom in cyberspace while China’s ambition to be dominant in a host of new technologies will transform the 21st Century world we live in, the head of Britain’s cybersecurity center said.
Beginning on March 1, 2021, Recorded Future’s Insikt Group identified a large increase in victim communications to PlugX command and control (C2) infrastructure publicly attributed to the suspected Chinese state-sponsored group Calypso APT.
The Canadian company Sierra Wireless became the victim of a ransomware attack against its IT systems on March 20, disrupting internal operations and production facilities.
A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.
The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.
As per a joint statement of the FBI and the CISA, one of the most widespread and powerful forms of malware, Trickbot malware, is now being used in spear-phishing campaigns in an attempt to infect PCs.
Accenture's Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams has published an analysis into the latest Hades campaign which has been operating since at least December 2020 until this month.
A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek.
The news magazine Der Spiegel, citing security sources, said the latest cyber-attack from Russia affected seven members of the Bundestag and 31 members of regional parliaments.
Many on-premises Microsoft Exchange servers are being patched, but Microsoft warns that its investigations have found multiple threats lurking on already-compromised systems.
This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected show more ...
Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions show more ...
Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP show more ...
Backdoor.Win32.Kwak.12 malware suffers from bypass and code execution vulnerabilities.
Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.
Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
Backdoor.Win32.Kwak.12 malware suffers from a bypass vulnerability.
Regis Inventory and Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.
Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.
Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.
This whitepaper provides information about how you can hack JWT tokens for fun and profit.
The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via
New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were
The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web. And now, with its FREE show more ...
