Employees who receive external e-mails typically receive information about which files are potentially dangerous. For example, EXE files are considered unsafe by default, as are DOCX and XLSX files, which can contain malicious macros. Text files, on the other hand, are generally considered harmless by design, because they cannot contain anything other than plain text. But that isn’t always the case. Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn’t actually the problem; it’s the way programs handle TXTs.

macOS’s CVE-2019-8761 vulnerability

Researcher Paulos Yibelo highlighted a curious way of attacking macOS computers through text files. Like many other protective solutions, macOS’s built-in security system, Gatekeeper, views text files as completely trustworthy. Users can download and open them using the built-in editor TextEdit without additional checks. However, TextEdit is somewhat more sophisticated than Microsoft Windows’ Notepad. It can do more, such as display text in bold, let users change the font color, and so on. Because the TXT format is not designed to store style information, TextEdit takes on the additional technical information so it can handle the task. For example, if a file starts with the line <!DOCTYPE HTML><html><head></head><body>, TextEdit begins to handle HTML tags, even in a file with a .txt extension. Essentially, writing HTML code into a text file that starts with that line forces TextEdit to process the code, or at least some elements of it.

Attacks possible through text files

After carefully examining all possibilities available to a potential attacker using this method, Yibelo found that the vulnerability enables:

DoS attacks. Gatekeeper does not prevent the opening of local files from an object with the TXT extension. Therefore, opening a malicious text file can overload a computer, for example, by using the HTML code to access the /dev/zero file, an endless source of null characters.

Identifying a user’s real IP address. Code in the text file can call AutoFS, a standard program for mounting file systems, which can provide access to an external drive. Although that action is harmless on its own, the automatic mounting process forces the system kernel to send a TCP request, so even if the user is behind a proxy server, the creator of the malicious text file can find out the exact time it was opened and register the real IP address.

File theft. Entire files can be inserted into a text document containing the <iframedoc> tag. Therefore, the malicious text file can gain access to any file on the victim’s computer and then transfer its contents using a dangling markup attack. The user just has to open the file.

The vulnerability was reported to Apple back in December 2019, and it was assigned the number CVE-2019-8761. Paulos Yibelo’s post provides more information about exploiting the vulnerability.

How to stay safe

A 2020 update patched the CVE-2019-8761 vulnerability, but that’s no guarantee no TXT-related bugs lurk in the software. There could be others that no one has worked out how to exploit — yet. So, the correct answer to the question “Is this text file safe?” is something like: “Yes, for now. But stay vigilant.” Therefore, we recommend training all employees to treat any file as a potential threat, even if it looks like a harmless text file. Regardless, handing control of all the company’s outgoing information flows to an internal or external SOC makes sense.
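As an added defensive example (this is not code from the original article or from Yibelo’s post), the following Python check turns the detail above, that TextEdit’s HTML handling is triggered by a file that starts with an HTML preamble, into a mail-gateway rule for inbound .txt attachments. The file names, sample contents and indicator patterns are constructed for this example; a real deployment would feed it the decoded attachment bytes from the gateway.

```python
"""
Added example: flag .txt attachments that begin with an HTML document preamble,
the condition under which TextEdit (CVE-2019-8761) switched from plain-text to
HTML handling. The sample attachments below are constructed for the example.
"""
import re
from dataclasses import dataclass, field

# TextEdit's trigger, as quoted in the article: an HTML preamble at the start of the file.
HTML_PREAMBLE = re.compile(rb"^\s*<!DOCTYPE\s+HTML\b", re.IGNORECASE)

# Markup a plain-text file has no business carrying; each hit is recorded as a reason
# so an analyst can see *why* a file was flagged (patterns constructed for this example).
INDICATORS = {
    "html_tag": re.compile(
        rb"<\s*(html|head|body|iframe|img|script|link|meta)\b", re.IGNORECASE
    ),
    "local_resource": re.compile(rb"file:///|(?<![\w.])/dev/", re.IGNORECASE),
    "remote_resource": re.compile(
        rb"\b(src|href)\s*=\s*['\"]?\s*https?://", re.IGNORECASE
    ),
}


@dataclass
class Verdict:
    filename: str
    suspicious: bool
    reasons: list = field(default_factory=list)


def inspect_text_attachment(filename: str, data: bytes, head_bytes: int = 4096) -> Verdict:
    """Return a Verdict for a file that is presented as plain text (.txt).

    Only the first `head_bytes` are examined for the preamble, because the
    behaviour described in the article depends on how the file *starts*;
    the indicator scan covers the whole body. The verdict is "suspicious"
    only when the preamble is present: stray tags in a genuine text file
    (a pasted snippet, say) are reported but do not flip the verdict.
    """
    verdict = Verdict(filename=filename, suspicious=False)
    if not filename.lower().endswith(".txt"):
        return verdict  # out of scope: other extensions are handled by other rules

    if HTML_PREAMBLE.search(data[:head_bytes]):
        verdict.suspicious = True
        verdict.reasons.append("html_preamble")
    for name, pattern in INDICATORS.items():
        if pattern.search(data):
            verdict.reasons.append(name)
    return verdict


# Constructed sample attachments (not real mail data).
SAMPLES = {
    "notes.txt": b"Meeting notes: see the <b>bold</b> section in the doc.\n",
    "readme.txt": b"\n <!doctype html><html><head></head><body>Hello</body></html>",
    "invoice.txt": (
        b"<!DOCTYPE HTML><html><head></head><body>"
        b"<iframe src=\"file:///placeholder/local/path\"></iframe></body></html>"
    ),
    "report.html": b"<!DOCTYPE HTML><html></html>",
}


def scan_all(samples=SAMPLES):
    """Run the check over every sample and return the verdicts keyed by file name."""
    return {name: inspect_text_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        state = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{name}: {state} {verdict.reasons}")
```

The preamble test is anchored at the start of the file on purpose: a .txt that merely mentions an HTML tag in the middle is not what the article describes, whereas one that opens with the doctype line is exactly the case TextEdit mishandled, regardless of what follows.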
In this episode of the podcast, Paul speaks with Intel Vice President Suzy Greenberg about a new survey by the Ponemon Institute that shows how customers’ expectations are changing when it comes to vendor transparency about software vulnerabilities. The post Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With...
The specific Excel document used in the recent wave of attacks is using XLM macros to download and execute its payload. The latest update also saw a major change in its first stage loading mechanism.
According to a Cyber Threat Report released by the Bangladesh Government’s e-GOV CIRT on April 1st, hacker group Hafnium has launched attacks on more than 200 organizations in Bangladesh.
A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday.
The records were labeled “Production” and contained customer PII such as names, phone numbers, physical addresses (home and/or office), @members.ebay addresses, and hashed passwords.
New research by Talos highlights how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals.
The April 2021 Android security bulletin by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
The methodology of the attack involved adding cryptors to cheat codes, cheat engines, and mods that made it challenging for security teams to analyze the attack.
Stolen videos captured by tens of thousands of security cameras installed at private properties throughout China are now being put up for sale across social media by hackers.
All these attacks happened in Q1 2020, and they were carried out with a new strain of ransomware named Cring (other aliases include Vjiszy1lo, Ghost, Phantom) that was first discovered in January.
Security experts are reporting about the distribution of BazarCall malware via fake call centers. Under the aforementioned campaign, threat actors trick users into installing the Windows malware.
After taking inputs from 1,000 enterprise security decision-makers from China, Germany, Japan, the U.K., and the U.S., Microsoft uncovered that 80% of global enterprises experienced firmware attacks.
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers.
Yanbian Gang has targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, and more.
PHP maintainers issued an update regarding the recent security incident, stating that attackers may have hacked a user database containing passwords to make unauthorized changes to the repository.
It is believed that this mode was added as a way to evade detection by security software and to shut down backup software, database servers, or mail servers to have greater success in file encryption.
Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according to WatchGuard.
According to the Washington Post, the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.
Proofpoint’s recent research indicates that 98% of nearly 3,000 monitored organizations across the U.S., UK, and Australia, received a threat from a supplier domain over a 7-day window in February.
ESET researchers have discovered a previously undocumented Lazarus malware backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva.
OneTrust, a privacy, marketing, security, and data governance firm based in Atlanta, Georgia, today announced it has raised $210 million in a series C extension led by SoftBank’s Vision Fund 2.
A set of zero-click vulnerabilities in the Linux Bluetooth subsystem allows nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”.
The data breach on Card Mafia, a forum for stealing and trading credit cards, exposed email addresses, hashed passwords, usernames, and IP addresses of 297,744 carding site users.
Michigan State University (MSU) has been impacted by a data breach stemming from a cyberattack on Bricker & Eckler LLP, which is associated with MSU Title IX contractor INCompliance Consulting.
The four cybercriminal groups — Twisted Spider, Viking Spider, Wizard Spider, and the Lockbit Gang — announced at different times throughout summer 2020 that they would be working together.
Cofense announced the acquisition of Cyberfish, a provider of next-generation phishing protection powered by Computer Vision and advanced Machine Learning (ML) technology.
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.
Ubuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. Various other issues were also addressed.
Tableau Server versions 2019.4-2019.4.17, 2020.1-2020.1.13, 2020.2-2020.2.10, 2020.3-2020.3.6, and 2020.4-2020.4.2 suffer from an open redirection vulnerability.
Red Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended for use with container images for Red Hat 3scale API Management 2.10.0.
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?
Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.
Many thanks to the great folks at Recorded Future, who are sponsoring my writing this week. Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web. And now, with its FREE Cyber Daily email all IT security professionals can access information about the … From "Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily".