Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about show more ...
Nearly 70 percent of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61 percent nevertheless failed when asked to take a basic quiz on the topic.
Talon Cyber Security announced that it has secured $26 million in seed funding from Lightspeed Venture Partners, Team8, serial entrepreneur Zohar Zisapel, and leading cyber angel investors.
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%).
Cybersecurity training startup Hack The Box has raised a Series A investment round of $10.6 million, led by Paladin Capital Group and joined by Osage University Partners, Brighteye Ventures, and existing investors Marathon Venture Capital.
A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.
FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the infamous FormBook malware.
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.
These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET, and NetX – which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices.
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.
Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems.
Brave, a Chromium-based browser, has removed Federated Learning of Cohorts (FLoC), Google's controversial alternative identifier to third-party cookies for tracking users across websites.
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim.
The amount of time cybercriminals are spending inside compromised networks is dropping. But while that might sound like a positive development, one reason hackers are spending less time inside networks is because of the surge in ransomware attacks.
Cyberattacks are now the foremost risk to the global financial system, even more so than the lending and liquidity risks that led to the 2008 financial crisis, according to Federal Reserve Chairman Jerome Powell.
There were empty shelves at branches of the Netherlands’ largest supermarket chain recently after a ransomware attack on a key logistics supplier. The attack occurred over the Easter weekend.
Red Hat Security Advisory 2021-1171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
Red Hat Security Advisory 2021-1173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
ExpressVPN VPN Router version 1.0 suffers from an integer overflow vulnerability.
Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private show more ...
Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Native Church Website version 1.0 suffers from a remote shell upload vulnerability.
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual
Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it was cybercriminals who are to blame. Read more in my article on the Hot for Security blog.
Many Facebook users think they only have to worry about the data that they personally share about themselves on Facebook, by posting messages on the site, connecting with their friends, and liking posts. But the truth is that Facebook knows much more about you than that, by collecting data from your activities off-site as well.
“It is a nightmare. Do all you can to prevent ransomware.” – A survey respondent Many businesses are hesitant to talk about their experiences with ransomware. It can be uncomfortable to cop being hit. Whether it’s shame at not doing more to prevent it, the risk of additional bad publicity from discussing show more ...
Ransomware attacks generate big headlines when the targets are government entities, universities and healthcare organizations. But there’s one increasingly frequent target of ransomware attacks that tends to slip under the radar. Small and midsize businesses (SMBs) have become bigger financial targets for hackers. show more ...
