According to four people familiar with the attack, who were not allowed to speak publicly about it, the cyberattack against JBS SA was carried out by a known Russian-linked hacking group, as Bloomberg notes. The cyber gang is known as REvil or Sodinokibi. While it is not known if all of REvil's hackers are based in Russia, the public face of the group, a user of the dark web cybercrime forum XSS who goes by the name Unknown, writes only in Russian. When victims refuse to engage in ransomware discussions, REvil usually names them on a Darkweb site called Happy Blog. REvil has not yet published a blog post about JBS. The company said on Tuesday it had made significant progress in fixing the cyberattack that...
Since 2012, a cybercriminal from North Korea has been behind a new espionage operation targeting high-level government officials connected to their southern counterparts. According to The Hacker News, the role was to install an Android and Windows backdoor to collect critical information. Malwarebytes attributes the activities to a threat actor known as Kimsuky. The targeted entities include the Korea Internet and Security Agency (KISA), the Ministry of Foreign Affairs, the ambassador of the embassy of Sri Lanka, the International Atomic Energy Agency (IAEA) Nuclear Security Officer, the Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securi...
Facebook has funded a study on Apple's new iOS 14 App Tracking Transparency enhancements, which the study claims are solely for Apple's benefit. SSRN, the company that conducted the study, thanks Facebook for its assistance in sponsoring this report. They also say that the opinions expressed in the study are solely their own. According to the report, Apple's iOS 14 update is an anti-competitive approach camouflaged as a privacy-protection measure. Apple now forbids non-Apple apps from using information required to provide relevant, tailored advertising without explicit user consent. And users may only opt in after being presented with a scary and deceptive alert about tracking, which Apple's own applications and services do not have to display because customers already opted in to Apple's own tracking. The document is a blistering formal accusation of Apple's iOS 14 revisions, a swe...
ExaGrid has paid a $2.6 million ransom to cybercriminals who targeted the company with the Conti ransomware, according to Computer Weekly. According to information obtained by LeMagIT, the ransom was paid in the form of 50.75 Bitcoins on May 13. The caving in to the ransomware attackers' demands became even more embarrassing when the backup appliance vendor accidentally deleted the decryption tool and had to request it again. The ransomware attack occurred in the same month that U.S. pipeline operator Colonial Pipeline paid $4.5 million after being hit by the
According to Blizzard, they are under a massive DDoS attack that may cause significant latency and disconnections for some gamers. The company also says that it's working hard to address this issue. Blizzard Entertainment is a California-based American video game developer and publisher. It created incredibly successful games such as Overwatch, Diablo, World of Warcraft, Starcraft, and Warcraft. Their statement is posted in the following tweet: [#BurningCrusade] We are currently experiencing a DDoS attack, which may result in high latency and disconnections for some players. We are actively working to mitigate this issue....
The Reserve Bank of New Zealand was hacked after Accellion failed to post a warning about an actively exploited vulnerability with available patches in its File Transfer Appliance (FTA), according to Itnews. While Accellion had updates available for its FTA product in December 2020 and was alerted to the vulnerability by security vendor FireEye as early as the 16th of the same month, the RBNZ was not notified of the issue. KPMG found in a commissioned post-mortem that Accellion's email tool failed to send notices and therefore the bank was not notified until January 6, 2021. The theft occurred on Christmas Day 2020, and the RBNZ made the data breach public on January 11, stating that it involved comme...
If you can’t find your phone, don’t panic. Exhaust your good options — maybe you misplaced it or lent it to someone, or buried it under some papers — and then, unfortunately, assume it was stolen. If you read our post on how to theft-proof your smartphone and data and followed the tips, then you’ve safeguarded your information and can restore it on a new phone. But even if you didn’t prepare in advance, you can reduce the damage.

Best-case scenario

Your phone’s screen was locked when it went missing, the data on it is encrypted, and the SIM card is PIN-protected. In that case:

Use the Find My Device (Android) or Find My (iOS) feature to mark the phone as lost and have the device display an on-screen message with the number of a friend or relative who can contact you in case someone honest finds the device;
After waiting as long as you’re comfortable on the first step, remotely delete all data on the device and contact your operator to block the SIM card;
Buy a new smartphone and restore your data from a backup copy.

We also recommend staying vigilant after the theft. Thieves often take advantage of that contact information, especially with more expensive devices, and use social engineering to trick the owner of the stolen device into revealing the password for their Google or Apple ID account. If successful, they can unlink the device from the account and make more money by selling the phone whole than by disassembling it and selling the parts. In short, treat all texts and calls related to a stolen phone with the utmost suspicion, and do not enter or reveal your Google account or Apple ID credentials.

Worst-case scenario

If the smartphone landed in the wrong hands and it is not protected, possibly not even by a screen lock, then time is of the essence. The first thing you need is another phone from which to make several calls. Ask store or restaurant staff to use their phone, or flag down a cab and borrow the driver’s phone.

Block your SIM card

Your first call is to your carrier. Tell the support rep that you lost your SIM card and ask them to block it. Once the SIM card is blocked, the thief will no longer be able to impersonate you (call from your number or receive a text message with a verification code for changing a password or confirming a transaction, for example).

Warn relatives and friends

Your second call should be to a friend or relative. Explain that your phone was stolen, and ask them to warn mutual contacts that they might get calls or messages from your number with requests for money or maybe some questions, all of which they should ignore. You might want to ask them to post a warning on social media if you share many friends there.

Block smartphone

You will need access to the Internet to block your stolen smartphone. If at all possible, do so on a secure device; you will be entering your password. First, log in to your Google or Apple ID account. If you are logging in from someone else’s device, and you have two-factor authentication set up, that may be difficult. Obviously, you can’t get a verification text or open a mobile authenticator app; your phone is gone. Android users can change the password without text message verification. If that applies to you, you will need to enter one of the backup codes you received when setting up two-factor authentication. iPhone users can recover account access by having a verification code sent to a trusted phone number or device. Once you have logged in to your Google or Apple ID account, here’s what to do:

Find your missing smartphone in the device list under Security (for Android phones) or the Find My iPhone app (for iPhones) and find the missing smartphone in the list of devices;
Note the location of the smartphone on the map. If the phone is on and geolocation is active, its location icon should appear. However, even if the thief’s path is clear, do not try to chase them. Rather, ask the police for help;
Select Lost Mode. The system will offer to enter a message for the lock screen and a backup number to contact you. Your smartphone will now display that message, and nothing else. If the phone was simply misplaced, not stolen, the finder will be able to call you. Watch out for phishing messages and calls; criminals may pose as support reps and contact you to try to get the account password;
If your device contains important and sensitive information, consider the drastic measure of erasing it remotely. However, keep in mind that option is irrevocable — and also means giving up the ability to locate the phone remotely.

Unlink bank cards

When you block your smartphone with Find My or Find My Device, respectively, Apple or Google may suggest unlinking any associated cards, but in case it doesn’t, unlink bank cards from your device manually in the account settings. Unless they were stolen along with the phone, you don’t need to block the cards.

For Android devices:
Sign in to your Google account;
In the Payments & subscriptions section, select Payment settings;
Remove your cards.

For iPhone:
Sign in to your Apple ID account;
In the Devices section, find the missing iPhone and select Remove all cards.

Block the smartphone’s IMEI number

In some countries, in addition to having the SIM card blocked, you can add a stolen phone’s identification number (IMEI) to the carrier’s blocklist. To do that, you need to give the carrier this number. If you have the box in which the phone came, you can find the number on it. Android lets you use the Find your phone feature to find the IMEI: Click on the encircled “i” next to the image of your phone and the IMEI code will pop up. iPhone users can find theirs at appleid.apple.com by signing in with the Apple ID used on the stolen device, scrolling down to Devices, and selecting the iPhone to see its IMEI. In theory, once the carrier adds the IMEI to the blocklist, the smartphone will not be able to connect to the mobile network even with a different SIM card. This feature works in the United States, the United Kingdom, Turkey, Latvia and certain Latin American countries.

What’s next?

Once you’ve taken prudent steps to protect yourself and your data, it’s time to get down to mitigating other potential consequences.

Contact the police

Report the theft, giving police details such as carrier and phone number. However slim, there is still a chance to get your smartphone back. Sometimes phones get returned even after being missing for years.

Change your passwords

Change as many passwords as you can in your apps and mobile browser. Once you’ve replaced the passwords, set up two-factor authentication.

Restore your data

If you enabled backup on the device while you still had it, then you will be able to recover all information, down to text messages, on your new smartphone. Here are the steps to do this on Android and iPhone.

Cheer up

The loss of a smartphone certainly carries serious stress and is a threat to your data. However, if you follow the steps above and back up your data in advance, you can cut your losses. Do not despair because your gadget was lost or stolen — your personal safety is the top priority.
First introduced in Firefox 86 in February 2021, this privacy feature was until now only active when users manually toggled on ETP Strict Mode in the web browser's settings.
In the first half of 2020, ransomware attacks accounted for 41 percent of the total number of filed cyber-insurance claims, according to a Cyber Claims Insurance Report by Coalition.
Any information related to a criminal investigation that is stolen and publicly posted not only endangers those involved but can result in failed prosecutions, says Brett Callow, analyst at Emsisoft.
The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. It conducts cyber espionage operations against South Korea.
Cybercriminals preferred it because they could register an XMPP/Jabber ID on a secure server that did not save logs and use it to reach out and talk to each other to arrange operations or business deals.
Unauthenticated attackers can achieve RCE on vulnerable clients by combining a reflected cross-site scripting (XSS) bug with a Chromium Embedded Framework (CEF) sandbox escape.
The automatic switch to an HTTPS connection will protect Edge users from man-in-the-middle (MITM) attacks attempting to snoop on data exchanged with websites over unencrypted HTTP connections.
The US Justice Department announced that it has seized two command-and-control and malware distribution domains that were used as part of a recent phishing attack identified by Microsoft last week.
OpenPGP project RNP has patched its flagship product in the newest version 0.15.1, after Mozilla Thunderbird, a major user, was found to be saving users’ private keys in plain text.
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.
REvil, a notorious Russia-linked hacking group is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter.
Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has been acknowledged, it's yet to be addressed.
Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.
The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks.
The Steamship Authority said a team of IT professionals was assessing the impact of the attack. "Additional information will be provided upon completion of the initial assessment," the company said.
Many cybercriminals who sell ransomware-as-a-service campaigns offer a DDoS attack as an extra service. "It's a little bit ransom, a little bit DDoS extortion, and a lot of trouble," NETSCOUT said.
AMT Games, which has produced a string of mobile and social titles with tens of millions of downloads between them, exposed 1.5TB of data via a misconfigured Elasticsearch server.
AMSI's integration with Office 365 was recently upgraded to include Excel 4.0 (XLM) macro scanning to try and combat the increase of malicious macros as an infection vector.
Scripps Health announced that it has begun notifying nearly 150,000 individuals that their personal information was stolen by hackers during the ransomware attack on May 1.
According to Blizzard, they are under massive DDoS attack, which may cause significant latency and disconnections for some gamers. The company also says that it's working hard to address this issue.
ReFirm’s firmware analysis technology will advance Microsoft’s capabilities to help secure IoT and OT devices via Azure Defender for IoT, which was recently enhanced with the acquisition of CyberX.
The entry period just ended for a Russian cybercriminal hacker forum’s call for papers to advance the science of stealing, with the best submissions receiving cash prizes.
An attacker with network access to the targeted device can make unauthorized changes to its configuration, cause it to enter a DoS condition, and obtain sensitive information.
DarkSide’s attack on Colonial Pipeline did not just thrust the gang onto the international stage but also cast a spotlight on a rapidly expanding criminal industry based primarily in Russia.
Foreign hackers made their way into the webserver of a local U.S. municipal government after exploiting vulnerabilities in an unpatched Fortinet VPN appliance. The FBI shared IOCs for the intrusion.
A misconfigured Docker daemon is a well-known security issue. Palo Alto Networks deployed a honeypot mimicking a misconfigured Docker daemon and found that three-fourths of the attacks were cryptojacking attacks.
Bitdefender researchers have discovered a batch of new malicious Android applications that impersonate real ones from popular brands but with a twist to spread TeaBot and FluBot malware.
This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.
Red Hat Security Advisory 2021-2185-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-2184-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 4974-1 - It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls.
Red Hat Security Advisory 2021-2191-01 - The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.
Red Hat Security Advisory 2021-2190-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has
A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and
A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Korea
The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn’t raining when Noah built the ark, companies must face the fact
The Babuk ransomware gang is reinventing itself. It says it's no longer interested in encrypting victims' data, but will be focusing on stealing information instead. Read more in my article on the Hot for Security blog.
While 2021 will, unfortunately, play host to a wide variety of threats, it’s unlikely any factor will feature more prominently than cryptocurrency. Two types of attacks leverage cryptocurrency directly: extortion and cryptojacking. Before cryptocurrency, cybercriminals worked a lot harder to get paid a lot less. Turning stolen personal information or credit cards into a paycheck […] The post Cryptocurrency: Cybercrime’s New Favorite Tool appeared first on Security Weekly.