Windows 10's built-in ransomware protection, dubbed Controlled Folder Access, can be a first line of defense for consumer users, and it is highly recommended to turn the feature on. Ransomware not only removes access to your data but also demands a ransom payment. In addition, bad actors are increasingly resorting to double extortion, in which they threaten to publish confidential user data if a separate ransom is not paid. The size of payments is on the rise.
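The following PowerShell session is an added illustration, not code from the page's source or from Microsoft. It shows how a practitioner would roll out Controlled Folder Access: start in audit mode, add an extra protected folder and a trusted application, review the audit events Defender writes, then switch to enforcement and verify the resulting state. The paths D:\Projects and C:\Program Files\MyBackup\backup.exe are placeholders. It must be run from an elevated prompt on a machine where Microsoft Defender Antivirus is the active real-time engine; when Defender settings are managed by Group Policy or Intune, policy overrides whatever Set-MpPreference writes.

```powershell
# Added example, not from the original page. Run as Administrator with
# Microsoft Defender Antivirus active; folder and app paths are placeholders.

# Start in audit mode so legitimate apps that write to protected folders
# show up as events (ID 1124) instead of being blocked outright.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Protect an extra folder beyond the default user-profile locations.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'

# Allow a trusted application (e.g. a backup tool) to modify protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\MyBackup\backup.exe'

# Review what was audited before enforcing. In the Defender operational log,
# event 1124 = write audited by CFA, event 1123 = write blocked by CFA.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap

# Switch to enforcement once the allow list covers every app that was flagged.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Verify the final state: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
$pref = Get-MpPreference
[pscustomobject]@{
    State        = $pref.EnableControlledFolderAccess
    ExtraFolders = ($pref.ControlledFolderAccessProtectedFolders -join '; ')
    AllowedApps  = ($pref.ControlledFolderAccessAllowedApplications -join '; ')
}
```

Auditing first matters because Controlled Folder Access blocks any application Microsoft has not classified as friendly, which routinely includes in-house tools and older backup agents. Note also that the feature only covers the default user-profile and system folders plus whatever you add, so it does not replace offline or versioned backups as the recovery path.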
The Conti ransomware group is responsible for the ransomware attack on Ireland's Health Service Executive (HSE). HSE, a $25 billion public health system, shut down its IT systems and transitioned to a paper-based process to protect its environment from further damage. Even though life-saving equipment and COVID-19 vaccine services remained operational, many healthcare practices across Ireland were forced to cancel low-priority appointments. Over the course of two weeks, the Conti ransomware gang claims to have stolen 700 GB of confidential data from the HSE. Patient records, contracts, financial statements, and payroll information are among the stolen data. The Irish National Cyber Security Centre (NCSC), in collaboration with the HSE and other agencies, oversees triage and investigation and has triggered its incident and crisis manageme...
Google's Chrome can already identify when saved passwords have been compromised, but now it can also fix those insecure passwords with a single click. Until now, if Chrome's built-in password manager detected weak credentials that may have been compromised in a leak or hack, you would receive a small notification, followed by a prompt to change the password to a stronger one. Nonetheless, changing your password can be a hassle, requiring you to navigate to the site holding the affected account, decipher the site's frequently arcane password recovery flow, and then generate a new password before saving it somewhere safe. Thanks to the assistance of Duplex on the Web, Google is now upgrad...
Following a recent cyberattack, the website of international education insurance company guard.me is still unavailable. The global business stated on its homepage: "Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site". "Our IS (information systems) and IT (information technology) teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible". Guard.me is one of the world's largest insurance carriers specializing in health insurance for students who are traveling or studying in another country.

Clients received notifications regarding the guard.me data breach

On Monday, guard.me began emailing students a data breach warning, stating that a website vulnerability enabled unauthorized persons to access policyholders' personal information, as
NotPetya crippled large companies around the globe, Sony Pictures was hacked as retaliation for releasing a movie, and more recently, ransomware hit Colonial Pipeline. These crimes are not just hard to portray on the news, they are also complicated for companies, law enforcement, and policy makers around the globe.
The Internet does not care about borders, and attacks that originate in one country may victimize targets in multiple other countries, which makes jurisdiction truly tricky. The solution lies in communication — lots of it — and collaboration. However, that's more than a bit too simple.

At RSA 2021, INTERPOL Director of Cybercrime Craig Jones, Special Envoy for Cyber Foreign and Security Policy, Federal Department of Foreign Affairs (FDFA), Switzerland Jon A. Fanzun, and Chair of FIRST (Forum for Incident Response and Security Teams) Serge Droz spoke on a panel called "The ticking 'cyber-bomb' and why there's no global policy response to fix value-chain risks." Kaspersky's Senior Manager of Public Affairs Anastasiya Kazakova moderated. The group discussed particular challenges and pondered possible ingredients for a global response.

The general consensus favors better collaboration and sharing of awareness of threats and security-related issues across borders. However, jurisdictions are tied to territorial borders, which law-enforcement organizations must respect; unfortunately, we cannot say the same about criminals. "Cybercriminals love 'divide and conquer' — if we're divided, criminals flourish. That's why this is our biggest challenge, much bigger than a technical challenge, to decide on how we all work better together," explains Droz.

Droz's sentiment may sound dire, but cross-border collaboration has actually increased in recent years. Private entities, CERTs, law enforcement groups, and governments are beginning to work together to help victims. For example, the No More Ransom project has helped victims of ransomware decrypt files without paying anyone. And recently, Europol, Bundeskriminalamt (Germany), Politie (Netherlands), Polisen (Sweden), Australian Centre to Counter Child Exploitation, Australian Federal Police and Queensland Police Service, the FBI and ICE (USA), and the Royal Canadian Mounted Police collaborated on a multinational takedown of prolific child sexual abuse platforms on the dark web.

Those examples give us all hope, but we need to do more. Specifically, we need organizations to embrace the collaboration and start to normalize the way we look at cybercrime. We also need to build greater trust to enable more information sharing and exchange across stakeholder groups and borders.

At Kaspersky, we see this collaboration as a three-step process that can help us prevent and respond to attacks on critical infrastructure:

1. National points of contact (POCs) facilitate further coordination with other relevant authorities in a country, organizing regular cyberexercises and developing cross-border procedures, tools, and templates (e.g., for incident assessments, requests for assistance, or responsible vulnerability exchange);
2. In case of attack, POCs connect the attacked critical infrastructure organization with the appropriate software manufacturer, cybersecurity company, and CERTs for their country;
3. POCs then quickly exchange information on the threat, analyze it, and compare forensic samples to remediate the incident efficiently.

We envision such collaboration growing and leading to a brighter future.
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Researchers in the computer science department at Princeton University say they sampled 259 phone numbers at two major wireless carriers, and found 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked. The Princeton team further found 100 of those 259 numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication.

"Our key finding is that attackers can feasibly leverage number recycling to target previous owners and their accounts," the researchers wrote. "The moderate to high hit rates of our testing methods indicate that most recycled numbers are vulnerable to these attacks. Furthermore, by focusing on blocks of likely recycled numbers, an attacker can easily discover available recycled numbers, each of which then becomes a potential target."

The researchers located newly-recycled mobile numbers by browsing numbers made available to customers interested in signing up for a prepaid account at T-Mobile or Verizon (apparently AT&T doesn't provide a similar interface). They said they were able to identify and ignore large blocks of new, unused numbers, as these blocks tend to be made available consecutively — much like newly printed money is consecutively numbered in stacks. The Princeton team has a number of recommendations for T-Mobile and Verizon, noting that both carriers allow unlimited inquiries on their prepaid customer platforms online — meaning there is nothing to stop attackers from automating this type of number reconnaissance.
"On postpaid interfaces, Verizon already has safeguards and T-Mobile does not even support changing numbers online," the researchers wrote. "However, the number pool is shared between postpaid and prepaid, rendering all subscribers vulnerable to attacks." They also recommend the carriers teach their support employees to remind customers about the risks of relinquishing a mobile number without first disconnecting it from other identities and sites online, advice they generally did not find was offered when interacting with customer support regarding number changes. In addition, the carriers could offer their own "number parking" service for customers who know they will not require phone service for an extended period of time, or for those who just aren't sure what they want to do with a number. Such services are already offered by companies like NumberBarn and Park My Phone, and they generally cost between $2-5 per month.

The Princeton study recommends consumers who are considering a number change instead either store the digits at an existing number parking service, or "port" the number to something like Google Voice. For a one-time $20 fee, Google Voice will let you port the number, and then you can continue to receive texts and calls to that number via Google Voice, or you can forward them to another number. Porting seems like less of a hassle and potentially safer considering the average user has something like 150 accounts online, and a significant number of those accounts are going to be tied to one's mobile number.

While you're at it, consider removing your phone number as a primary or secondary authentication mechanism wherever possible. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.
It’s also important for people to use something other than text messages for two-factor authentication on their email accounts when stronger authentication options are available. Consider instead using a mobile app like Authy, Duo, or Google Authenticator to generate the one-time code. Or better yet, a physical security key if that’s an option. The full Princeton study is available here (PDF).
The emails carried a ZIP file containing an HTML file designed to look like an invoice signed via DocuSign, a well-known service that organizations use to manage electronic agreements securely.
The adversary inserted the malicious code into the footer file of the WordPress-based site associated with a Florida water infrastructure construction company as part of the watering hole attack.
While it is convenient and increasingly popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of being scammed by someone who isn't who they claim to be.
ThreatLocker, a startup providing enterprise cybersecurity tools for servers and endpoints, today announced it has raised $20 million in a series B round led by Elephant.
DarkSide, the group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to fresh research.
Cybercriminals are increasingly using Windows Push Notifications to impersonate legitimate alerts. Recent campaigns pose as a Windows Defender Update to target user and system information.
American industrial giant Emerson this week informed customers that it has released firmware updates for its Rosemount X-STREAM gas analyzers to address half a dozen vulnerabilities.
The US Federal Trade Commission (FTC) says that over $80 million was lost to cryptocurrency investment scams, according to roughly 7,000 reports received since October 2020.
While the paper indicates that mobile phones have become better at implementing MAC address randomization, it also highlights that the lack of a standard approach has led to inconsistent implementations.
In February 2021, Bitdefender researchers identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers.
When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints. Since then, it has taken an average of 29.5 months for each additional million complaints.
Styra's Series B round of funding was led by Battery Ventures. Also participating are previous backers A. Capital, Unusual Ventures and Accel, and new backers CapitalOne Ventures and Citi Ventures.
New Zealand's Waikato District Health Board (DHB) has been hit with a ransomware attack that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals.
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than enterprises when trying to identify serious vulnerabilities on their networks.
Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in a ransomware attack that exposed personal information of numerous employees.
It was led by Alive Israel HealthTech Fund, with participation from existing investors Accelmed, RDC, MTIP, CBG (a London investment company owned by Vincent Tchenguiz), and a UAE-based investment group.
This week, MalwareHunterTeam shared a sample of what was believed to be a new MountLocker executable that contains a new worm feature to spread to and encrypt other devices on the network.
Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities.
The cybercriminal group TeamTNT is no stranger to targeting cloud containers, expanding their arsenal to steal cloud credentials, and exploring other environments and intrusive activities.
A new banking trojan that can harvest bank account logins from Android mobile users is now spreading quickly in multiple regions. Banking customers are advised to stay vigilant.
The DBIR report from Verizon provides insights on the growing danger of phishing and ransomware attacks while digging into unique insights on the impact of the COVID-19 pandemic on the data breach landscape.
ReaQta will invest the Series A funding, led by Alpha Intelligence Capital, towards expanding its commercial operations and footprint, particularly across Europe and Asia.
Two fresh waves of attacks, including SSL-stripping attacks and scheme flooding, have been observed targeting Tor users. Users are advised to keep the web browser updated to fix any exploitable vulnerability.
In a statement issued on May 17, the manufacturer said that the assault prompted it to institute “containment procedures, including pro-actively shutting down certain IT systems and applications”.
Ubuntu Security Notice 4961-1 - It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository.
Ubuntu Security Notice 4960-1 - Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges.
Red Hat Security Advisory 2021-2033-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2021-2032-01 - The slapi-nis packages contain the NIS server plug-in and the Schema Compatibility plug-in for use with the 389 Directory Server. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2021-2042-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2021-2034-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2036-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2021-2026-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2021-2025-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2021-2024-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2021-2037-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2021-2040-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-2041-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass and denial of service vulnerabilities.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Red Hat Security Advisory 2021-2028-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2021-2027-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.
Ubuntu Security Notice 4945-2 - USN-4945-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu releases. It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2021-2021-01 - Red Hat OpenShift Serverless 1.10.2 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-1989-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2021-1979-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2021-1983-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2021-1600-01 - The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-1586-01 - GNOME is the default desktop environment of Red Hat Enterprise Linux. Issues addressed include code execution, insecure permissions, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-1702-01 - Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed to deflate but offers denser compression. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-2053-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Ubuntu Security Notice 4962-1 - It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2021-2046-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution and information leakage vulnerabilities.
Ubuntu Security Notice 4963-1 - It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hang, resulting in a denial of service.
Red Hat Security Advisory 2021-2047-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution and information leakage vulnerabilities.
Red Hat Security Advisory 2021-2048-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution and information leakage vulnerabilities.
Red Hat Security Advisory 2021-1552-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11.
Red Hat Security Advisory 2021-2051-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution and information leakage vulnerabilities.
Red Hat Security Advisory 2021-1551-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. Issues addressed include a resource exhaustion vulnerability.
Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing
Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password"
DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "
I hope you're being cautious if you're installing extensions from the Chrome Web Store for your browser and care about your online security. Because it's reported that a bogus Chrome add-on purporting to be "Microsoft Authenticator" successfully managed to sneak its way in, and duped hundreds of people into downloading it. Read more in my article on the Hot for Security blog.