A new set of significant vulnerabilities in the Realtek RTL8170C Wi-Fi module has been disclosed. These flaws allow an attacker to exploit and therefore gain elevated privileges on a device. Security researchers from Israeli IoT security firm Vdoo said in a write-up that "Successful exploitation would lead to show more ...
New York's Metropolitan Transportation Authority computer systems was hacked, triggering an onslaught on the largest transit system in North America, according to NY Times. The agency received an alert from the FBI and other government agencies that three of its 18 computer systems had been attacked. The MTA show more ...
Fancy Product Designer, a WordPress plugin used on over 17,000 websites, contains a critical file upload vulnerability that is currently being exploited in the wild to upload malware to websites where the plugin is installed. The vulnerability was identified by Wordfence's Threat Intelligence team and reported show more ...
Fujifilm is investigating a ransomware attack and has shut down part of its network to prevent the infection from spreading, according to BleepingComputer. Fujifilm, commonly known simply as Fuji, is a Japanese multinational company headquartered in Tokyo, Japan that began with optical films and cameras. It has show more ...
Last month, a popular Russian-language underground forum sponsored a contest that invited its users to submit illegal techniques for conducting Bitcoin attacks, according to The Hacker News. In an announcement made on April 20, 2021, the forum's administrator invited members to submit papers evaluating the show more ...
President Joe Biden will discuss cyberattacks with Russian President Vladimir Putin at their bilateral summit later this month in Switzerland, amid a surge in ransomware attacks on American companies by Russia-based hacking gangs. Biden told USA Today News on Tuesday that the White House is looking closely at whether show more ...
In Into the Mind of an IoT Hacker at RSA Conference 2021, security specialists Itzik Feiglevitch and Justin Sowder brought up the issue of vulnerability of various IoT devices and the special treatment they require from corporate cybersecurity. They offered a few stunning examples showcasing the state of IoT security show more ...
It only took 203 episodes of the Kaspersky Transatlantic Cable podcast for us to change up the format a bit. We teased it over the past few weeks, and this week Ahmed Abdelghani joins Dave and me, bringing a breath of fresh air to episode 204. We open the show with a hidden gem of a crime. British authorities thought show more ...
While companies of all sizes are still working out the details of what the return to work looks like, the consensus is overall the same — the pandemic forever changed how and where we work.
These vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and executing remote code.
The hackers did not gain access to systems that control train cars and rider safety was not at risk, transit officials said, adding that the intrusion appeared to have done little, if any, damage.
Check Point Research said that the backdoor has been designed, developed, tested, and deployed over the past three years to compromise a Southeast Asian nation's Ministry of Foreign Affairs.
FireEye said Wednesday it’s selling its products business, including the FireEye name, to a consortium led by private-equity firm Symphony Technology Group for $1.2 billion in cash.
The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
The PPC ads targeted specific IP ranges in the US and probably some other countries. Non-targeted IPs are redirected to legitimate pages that download the correct applications.
Operational technology (OT) is the cyber physical foundation that enables the world’s factories, energy production and transmission facilities, transportation networks, and utilities to function.
The WebKit browser engine contains a use-after-free flaw in its GraphicsContext function which could be triggered by a malicious web page to cause a potential information leak and memory corruption.
A cyber-espionage hacking group is believed to have hacked the website of the Myanmar president’s office and planted a backdoor trojan inside a localized Myanmar font package.
Founded in 2013, the Austin, Texas-based company provides organizations with security and management solutions to keep corporate apps and data protected on employees’ personal mobile devices.
The recovery cost of a ransomware attack tripled from $1.1m in 2020 to $3.38m in 2021 as India topped the list of 30 countries worldwide for ransomware attacks, a new report said on Tuesday.
The company said it has been aware of the possibility of a ransomware attack since the late evening of June 1, 2021, and that they have taken steps to suspend all affected systems.
SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address.
Group-IB has discovered a database and source code allegedly belonging to a bulletproof hosting provider named DDoS-Guard posted for sale on a cybercrime forum on May 26.
The total number of incidents grew by 51% since 2019. Seven out of 10 attacks were targeted. The most popular targets were governments (19%), industrial companies (12%), and medical institutions (9%).
Although the bot was first discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different C2 communications and the addition of new exploits for spreading.
A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.
The Altdos hacker group claimed to have accessed the retailer's membership database, stolen information from it, and used the data to blackmail Audio House, the retailer added.
Experts laid bare the tactics adopted by Chinese threat actors to consistently exploit Pulse Secure VPN devices and drop malware to exfiltrate sensitive information. Looking at the scenario, security agencies need to buckle up for more challenging events and detect such threats to stay protected against them.
Google researchers detail Half-Double, another Rowhammer attack technique, that could help criminals bypass current defenses and steal or manipulate data stored in memory. This recent study on the new Rowhammer bug variant is expected to help both researchers and industry partners to work together and develop a solution to fix this problem.
Proof of concept exploit for a remote code execution vulnerability in Microsoft's RDP service.
Exim versions prior to 4.90.1 remote buffer overflow proof of concept exploit.
Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.
Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG.
Ubuntu Security Notice 4980-1 - Kevin Backhouse discovered that polkit incorrectly handled errors in the polkit_system_bus_name_get_creds_sync function. A local attacker could possibly use this issue to escalate privileges.
Red Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
Gstreamer suffers from a use-after-free vulnerability in Matroska demuxing.
Red Hat Security Advisory 2021-2238-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
Gitlab version 13.9.3 authenticated remote code execution exploit.
Red Hat Security Advisory 2021-2235-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2021-2237-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2021-2243-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. This enhancement update adds the rust-toolset-1.49 packages to Red Hat Developer Tools. Issues addressed include double free and use-after-free vulnerabilities.
4Images version 1.8 suffers from a cross site scripting vulnerability.
This is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
Red Hat Security Advisory 2021-2239-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only show more ...
FUDForum version 3.1.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2021-2233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged show more ...
Red Hat Security Advisory 2021-2236-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
Ubuntu Security Notice 4979-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate show more ...
Ubuntu Security Notice 4978-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or show more ...
Ubuntu Security Notice 4977-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate show more ...
Red Hat Security Advisory 2021-2214-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR.
A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers
An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on
New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the
Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years,
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! The majority of enterprise data breaches are still tied to weak password and secrets management habits among employees. 1Password’s new white paper highlights these and other findings show more ...
The US military has been caught exposing its nuclear weapons secrets, and we explore the world of nerdy miners. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
The Conti ransomware gang has successfully managed to extort millions of dollars out of an organisation once again. What's notable on this occasion is that the Conti group's corporate victim is ExaGrid, a backup company.
Cybercriminals are running an online competition offering big prizes to anyone who believes they have found an unusual way to help crooks steal cryptocurrency. Read more in my article on the Tripwire State of Security blog.
