Ukrainian law enforcement officials reported the arrest of the Clop ransomware group on Wednesday. The organization had been disrupting infrastructure and carrying out attacks around the world since at least 2019, according to The Hacker News. Six defendants were charged as part of an international operation involving Ukraine's National Police and authorities from Interpol, Korea, and the United States for running a double extortion scheme that threatened victims who refused to pay a ransom with the leak of sensitive financial, customer, or personal data. According to National Police, the ransomware attacks caused a whopping $500 million in damag...
Relations between the U.S. and Russia slightly improved during the summit in Switzerland, despite the EU's prediction that relations will deteriorate, according to EU Observer. U.S. President Joe Biden and Russian President Vladimir Putin agreed to reinstate their respective ambassadors to Moscow and Washington. They also agreed to start new talks on cybersecurity and nuclear arms control, but no details, such as dates, were given. These were the only tangible decisions made during their 3-hour meeting Wednesday at an 18th-century mansion on the shores of Lake Geneva (June 16). Biden warned Putin to avoid carrying out cyberattacks on the United States. Biden also warned Putin not to carry out cyberattacks ...
A malware campaign targeting South Korean organizations was attributed to a North Korean nation-state hacking group called Andariel. This development shows that Lazarus attackers are keeping up with trends and expanding their arsenal, according to The Hacker News. Kaspersky Lab stated in a detailed report, "The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity". The attack affected the lives of people working in manufacturing, home network services, media, and construction. Andariel, a member of the Lazarus Constellation, is notorious for lau...
According to a report to the London Stock Exchange on Wednesday, Gateley has been the victim of a cyberattack, says Global Legal Post. Luckily, the impact was minimal and it did not affect the daily operations too much. After discovering that its systems had been accessed by an external source, the company commented that it was dealing with a cybersecurity incident. Gateley stated that the firm's IT team quickly discovered the attack and worked to secure the firm's systems. Rod Waldie, Gateley’s CEO, stated: “IT security is of paramount importance to Gateley and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enab...
Facebook plans to further research deepfake technology to protect itself from future threats, though it's not a big issue for the company right now, according to The Verge. The latest study is a collaboration with academics at Michigan State University (MSU) and focuses on developing a method for reverse-engineering deepfakes: examining AI-generated images to discover characteristic features of the machine learning model behind them. The work is crucial because it might help Facebook track down cybercriminals who are spreading deepfakes on its own social networks. This content ca...
This week, Jeff, Ahmed, and I kick off episode 206 of the Transatlantic Cable podcast with a discussion about Ireland’s change in stop and search law, including a new law allowing police to force people to unlock digital devices such as phones and tablets. From there, we move on to further discussion of ransomware and the recent G7 talks, with US President Biden seeking tougher stances on ransomware gangs. We also touch on the JBS meat processing company’s recent decision to pay ransom to REvil. To wrap up, we talk about the recent EA hack and Facebook’s singing about WhatsApp privacy cred in a new advertisement. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
Irish police to be given powers to make people hand over passwords
Russia told to tackle cyber criminals operating from within its borders
Beef supplier JBS paid ransomware hackers $11 million
Hackers Steal FIFA 21 Source Code, Tools In EA breach
WhatsApp launches privacy campaign after backlash
If you are a longtime reader of our blog, you probably keep your passwords in a dedicated password manager rather than on a notepad or a sticky note on your monitor. But did you know that Kaspersky Password Manager is not just a secure vault? It can do much more for your security. Read on to learn how to use our password manager to its fullest and how to make your passwords much stronger.

1. Audit your passwords

Kaspersky Password Manager can both store your passwords and check their strength. It analyzes which ones you reuse on different websites, assesses how hackable your passwords are, and checks for their presence in databases of compromised logins and passwords.

Where do those databases come from? Unfortunately, Web services are frequent hacking targets. As a result, cybercriminals end up with entire data sets of logins and passwords — typically hashed, but occasionally in an open form that humans can read. That is why, even if your password for any given site is strong, you shouldn’t reuse it anywhere else. If you do, and just one of those sites gets hacked, that compromises your other accounts as well.

That’s why, in addition to notifying you if one of your passwords has been compromised, Kaspersky Password Manager will notify you if you’ve used a password in several places and help fix the problem. The app will also display an alert if a password is too weak — too short or too common — and therefore crackable.

Kaspersky Password Manager’s dashboard always displays the number of weak, reused, and compromised passwords in your password vault. For a detailed report, click Learn more or go to Password Check.

The dashboard of Kaspersky Password Manager always shows the number of weak, reused, and compromised passwords. Be sure to change those!

If Kaspersky Password Manager deems any of the passwords insecure, use its built-in generator to get superstrong combinations of characters with just a click.

2. Create strong combinations of characters with Password Generator

Kaspersky Password Manager can both store the passwords you come up with and generate strong combinations of characters that are very difficult for cybercriminals to crack. Such passwords are not easy to remember, but you don’t need to; the password manager fills in the right password on login pages.

To create a strong, randomly generated password, open Kaspersky Password Manager and go to Password Generator. Select a length and set of allowable characters for the password. For example, some websites, in addition to having requirements such as one number and two capital letters, prohibit the use of certain characters. You do not have to remember generated passwords, so set a good length, say, 20 characters or more.

As a bonus, this process makes eliminating duplicate passwords a piece of cake. Just generate a new one for each site and Kaspersky Password Manager will remember them all for you.

3. Set a strong master password

When you use a password manager, all of the keys are stored inside one chest, so to speak, so the key to that chest — that is, the master password for Kaspersky Password Manager — must be highly hack-proof.

A reliable master password should be long — certainly not fewer than 10 or 12 characters, and twice that length would be better — and hard to guess. In general, you have three options for creating a good master password:
Generate a combination of random characters in Kaspersky Password Manager and memorize it;
Use a mnemonic technique for creating strong but easy-to-remember passwords. For example, security expert David Jacoby has some suggestions;
Build a password from simple words, but make it quite long — say, about 30 characters. That kind of password is easy to remember and convenient to enter, and the length compensates for the lack of randomness.

Now that you have come up with a good master password, and the dashboard indicates that all of your passwords are strong and unique, you are using Kaspersky Password Manager to its fullest. Congratulations!

A recap

To sum up, here is how to make your passwords stronger with Kaspersky Password Manager:
Set the strongest master password you can remember for the password manager;
Use Kaspersky Password Manager’s random password generator for creating all other passwords. You do not need to remember them — the password manager will do that — so make them extremely hack-proof;
Check Kaspersky Password Manager’s dashboard for weak, duplicate, and compromised passwords, and immediately change any password that shows up on one of those lists.
Criminal gangs swoop in on unsuspecting merchants to seize their goods. Behind the scenes, rival nations turn a blind eye or offer them safe harbor, in exchange for cooperation. Sound familiar? It should. The post Episode 217: What Fighting Pirates Teaches Us About Ransomware appeared first on The Security Ledger with Paul F. Roberts.
Related Stories:
Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware
Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security
Episode 212: China’s Stolen Data Economy (And Why We Should Care)
As per a new report, younger employees are most likely to admit they cut cybersecurity corners, with 51% of 16-24-year-olds and 46% of 25-34-year-olds reporting they’ve used security workarounds.
It is an out-of-bounds read vulnerability in the software that could allow an attacker to obtain sensitive information, cause a denial of service or carry out a distributed denial-of-service attack.
The group attacked aerospace, defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan.
Six types of vulnerabilities in Schneider's PowerLogic communication gateways could be exploited to access devices, launch denial-of-service (DoS) attacks, and for remote code execution.
Some 80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, amongst which 46% believe it to be caused by the same attackers.
According to European researchers, the GEA/1 encryption algorithm used by GPRS phones in the 1990s was seemingly designed to be weaker than it appears to allow eavesdropping.
The SEC announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images.
While investigating the MobileInter skimmer, researchers observed that some bit2check domains share the same hosting pattern as Magecart domains observed abusing Alibaba and Google hosting services.
For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday.
Russian President Vladimir Putin on Wednesday said his country and the United States had agreed to enter into "consultations" on cybersecurity following his summit with President Joe Biden.
The latest funding round was co-led by Bessemer Venture Partners’ Century II fund and 40 North Ventures, with participation from I Squared Capital’s ISQ Global InfraTech Fund and previous investors.
New research shows that ransomware attackers are shifting from using email messages as an intrusion route to purchasing access from cybercriminals that have already infiltrated target networks.
An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.
The commercial legal services firm said it had informed relevant regulators and law enforcement agencies along with the country's Information Commissioner's office about the breach.
Backups can be damaged, untested, difficult to deploy, encrypted by attackers, or restore to the same breached state they backed up. They don’t remove hackers and address other forms of disruption.
Malware, in all of its various forms, has grown increasingly stealthy and sophisticated in recent years. Also on the rise: its ability to fly under cybersecurity software's radar.
Last week, hackers breached the private email account of Michal Dworczyk, the head of the Polish Prime Minister’s office and member of the ruling Law and Justice party (PiS).
In the last 30 days, over 2300 new domains related to Amazon were registered, a 10% increase from the previous Amazon Prime Day, and the majority are now either malicious or suspicious.
In a recent report, Nuspire revealed that attacks against Fortinet’s SSL-VPN had jumped to 1,916% in the first quarter of 2021. It was also identified that there was a 1,527% spike in attacks against Pulse Secure VPN.
Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online.
Unit42 researchers found several organizations impacted by Matanbuchus including a large university and high school in the United States, as well as a high-tech organization in Belgium.
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach with an objective to steal funds stored in victims' cryptocurrency wallets.
The APT group is capable of stealing victims’ system information, taking screenshots, and writing, moving, or deleting files. A subset of the victims were targeted with data collection executables that sought out removable media.
Mandiant determined the installers were malicious in early June and notified the victim of a potential website compromise, which may have allowed UNC2465 to replace the legitimate downloads.
The bipartisan draft by Senators Mark Warner, Marco Rubio, and Susan Collins reflects a renewed effort by Congress to pass long-awaited federal rules surrounding cybersecurity breach notifications.
The threat actor is believed to have been active for a decade, with a history of striking organizations primarily located in Israel and Palestine, and spanning multiple industry sectors and governments.
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials.
Genesis Market is an invite-only underground marketplace where cybercriminals can source cookies that have been lifted from hacked computers for a cornucopia of services.
Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.
Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.
Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.
Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it — and where it then executes the
A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it
Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT)
Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Six people alleged to be part of the notorious CLOP ransomware gang have been detained and charged by Ukrainian police, following nearly two dozen raids across the country. Read more in my article on the Tripwire State of Security blog.