Unknown attackers recently attempted to carry out a large-scale supply-chain attack by introducing malicious code to the official PHP GIT repository. If the developers hadn’t noticed the backdoor in time, it could have ended up on many Web servers and led to the largest supply-chain attack in history. What show more ...
A few months ago, Apple unveiled three series of computers powered by its own M1 chip, designed to replace Intel’s processors. The chips are notable for being based on the ARM architecture instead of the x86 architecture traditionally used in personal computers. In essence, the Apple M1 is a direct relative of show more ...
Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as show more ...
An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption.
The top official at the DHS announced today a series of 60-day cybersecurity “sprints” aimed at focusing the department’s efforts on ransomware, industrial control systems, and other priorities.
Although the offending tweet has since been deleted, it serves as a reminder for those working from home that keeping systems secure can be challenging when working from home.
BazarLoader operators are working together with underground call centers to trick the victims of their spam campaigns into opening malicious Office documents and infecting themselves with malware.
The DoJ has indicted a Kansas man on charges of hacking into the computer system of a local water utility and trying to sabotage water processing operations with the intent to harm the local public.
The website received the penalty for missing a 72-hour deadline to report the breach to the regulator, which it did on February 4, 2019 — almost a month after it suffered the breach.
As new platforms rose to cater to economic and medical needs, threat actors are pivoting to campaigns designed to impersonate legitimate sources in the hopes of malware deployment and data theft.
Kaspersky found that while 65% of victims aged between 35 and 44 paid their attackers for a decryption key, only 11% of victims aged 55+, and 52% of victims aged 16 to 24, gave in to ransom demands.
Dubbed Cart Crasher by the Sift security firm, the group behind the fraud operation leverages guest checkout options on donation sites to steal money and launder stolen payment cards.
The guidelines are designed to help state and local officials reduce election risks, including before and after voting, along with standards to ensure data and networks are protected against attacks.
Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities in Citrix Hypervisor could be abused by attackers to cause the host to crash or become unresponsive.
Amidst growth in e-commerce, the bad news is that e-commerce sites are potentially exposing customers to attack, making it that much easier for cybercriminals to steal customer information.
The CISA has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.
The scam campaign involving over 1600 fake Twitter accounts, targets over 2 million Indonesian bank customers, which corresponds to the number of legitimate bank Twitter pages’ followers.
Google Cloud and Deloitte have launched a new platform for enterprises aimed at helping companies thwart cyberthreats as the global workforce has gone remote and cloud usage has exploded.
When malicious applications create BITS jobs, files are downloaded or uploaded in the context of the service host process. This can be used to bypass firewalls that block unknown processes.
Tracked as CVE-2021-21194, it can be exploited to escape the Chrome sandbox. In combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox.
While the exact version of Chrome for Linux that would come out with DoH support is yet to be announced, the Chromium project expects either M91 or M92 to contain the feature.
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protections to be considered secure.
On Tuesday, the IT department sent a letter to the community saying they “became aware of a cybersecurity threat to the University’s Microsoft Windows-based technology infrastructure.”
The vast majority (75%) of security incidents in the UK legal sector reported to the data protection regulator last year were caused by insiders, according to new Freedom of Information (FOI) data.
The DoJ said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb, a "news" website that "served as a gateway to numerous dark web marketplaces."
The IPAC's website was down on Monday, after suffering a DDoS attack (distributed denial-of-service), causing the site to slow significantly, The Sydney Morning Herald reported.
Mobile device-tracking by Apple and Google take center stage in a report revealing that, despite both allowing users to opt-out of sharing telemetry data – they do anyway.
Activision security researchers found that a Warzone cheat advertised on popular cheating forums was actually malware that let hackers take control of the victims' computers.
The department will conduct a series of 60-day sprints which will mobilize action by elevating existing efforts, removing roadblocks, and launching new initiatives where necessary.
The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%.
Top trade associations in retail, hospitality, and travel are partnering with RH-ISAC and the United States federal government’s CISA to host the first industry-wide cybersecurity exercise.
Months after an apparent ransomware attack against cloud hosting and MSP Netgain Technology, the list of healthcare entities reporting major health data breaches linked to the incident is growing.
According to a report by Watchguard Technologies, in 2020, the use of fileless malware increased rapidly as cybercriminals tried to find new ways to evade traditional security controls.
Researchers surmise that the Hafnium APT group might be operating under the disguise of Hades due to shared IOCs observed in recent attacks.
Most of these attacks were observed in the U.S.-based financial institutions, while other impacted regions include Western Asia, Central, and Western Europe. Phishing is still a major infection vector.
This archive contains all of the 233 exploits added to Packet Storm in March, 2021.
This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.
This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the show more ...
The video gaming industry is a popular target for various threat actors. Players as well as studios and publishers themselves are at risk for both opportunistic and targeted cyber-attacks - tactics range from leveraging fake APKs of popular mobile games, to compromising accounts for resale. Even APT (Advanced show more ...
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
Ubuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.
ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.
School Registration and Fee System version 1.0 suffers from persistent cross site scripting vulnerabilities.
School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.
phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.
Company Crime Tracking Software version 1.0 suffers from a persistent cross site scripting vulnerability.
Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and
Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have access to a vast swathe of credentials that they can use to power various password-related attacks. One
A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel,
A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected
FatFace stumps up $2 million to its ransomware extortionists, an IT administrator is caught with his pants down, Mobikwik blames its users for a data breach, and we burgle a house... virtually. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
When an unintelligible tweet was made by the US Strategic Command's Twitter account, it's understandable that some folks might imagine a password was accidentally published to the world, or that perhaps the account had been compromised, or... gulp!... that it might be a US nuclear launch code.
CISA, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 1April 5 to scan their networks for evidence of intrusion by hackers, and report back the results. Read more in my article on the Tripwire State of Security blog.
