According to a new WhiteHat Security research, more than 66% of all utility programs had at least one exploitable vulnerability exposed on a yearly basis. Many of these vulnerabilities are "pedestrian," meaning they require little effort or skill to discover. The report, titled AppSec Stats Flash, shows that show more ...
BlackBerry Threat Research and Intelligence revealed Wednesday that a new ChaChi Trojan is being used as a critical component in executing ransomware operations against government organizations and U.S. schools, says ZDNet. The original version of the Remote Access Trojan (RAT), identified in the first half of 2020, show more ...
Cybercriminals are running more and more malicious payloads via Virtual Machines, according to Symantec Threat Hunter Team. Help Net Security investigated an attempted ransomware attack that was executed via a VirtualBox Virtual Machine created on some compromised computers. Unlike the documented RagnarLocker attacks show more ...
As ransomware attacks have become more sophisticated, Microsoft cybersecurity researchers are now on the hunt for BazarCall, cybercriminal call centers that manage to spread BazarLoader malware, according to ZDNet. BacarCall, also known as Bazacall, is a cybercriminal gang that has been active since January this year. show more ...
A couple of years ago, we reviewed the “Ring of Power” botnet created by famous cybercriminal Sauron (aka Annatar, aka Mairon, aka Necromancer). However, reports by famous cybersecurity expert J. R. R. Tolkien contain much more than just descriptions of the botnet’s modules. For example, Tolkien show more ...
Welcome to the 207th edition of the Kaspersky Transatlantic Cable podcast! This week, Dave, Ahmed, and I chat about a number of topics — and we also have some changes to our big board of quiz points. We kick things off with a pair of stories about AI and surveillance. The first is from the UK, where AI can now tell show more ...
Forget about Colonial Pipeline and JBS. A coordinated cyber attack on U.S. agriculture could, in short order, lead to foot shortages and hunger in the U.S. and abroad. And history has shown us that when food gets scarce, things get ugly - fast. How likely is such an attack? More likely than you might think, says Rob show more ...
Workforce says it learned of the breach on April 13, 2021, and ‘immediately took steps to secure the network.’ Workforce West Virginia reports that files were not downloaded, extracted or manipulated.
It was led by Prefix Capital and ForgePoint Capital, with participation from Accenture Ventures and individual investors Tom Gonser, Omkhar Arasarathnam, Bob Gleichauf, David Tsao, and Sameer Sait.
Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations and forced the company to take its systems offline.
In all, the vulnerabilities affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices.
Tracked as CVE-2021-21999 and featuring a CVSS score of 7.8, the issue is a local privilege escalation that requires for an attacker to have normal access to a VM for successful exploitation.
The investment from Silver Lake comes in the form of convertible notes and Splunk says it plans on using the money to “fund growth initiatives and manage its capital structure.”
Patari.pk, a Pakistani music streaming site has suffered a data breach in which its database containing personal data and login credentials of over 257,000 users has been leaked on hacker forums.
French Connection has become the latest victim of ransomware, with a gang understood to be linked to REvil having penetrated its back-end - making off with a selection of private internal data.
Once infected by Ursnif and upon attempting to access their banking account, victims are advised that they won’t be able to continue to use their bank’s services without downloading a security app.
While effective in hiding ransomware activity, the tactic of using virtual machines is more complex than a traditional ransomware attack and may hamper the attackers' efforts.
Researchers found a novel class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers.
The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The willingness to pay creates a dangerous loop and increases the motivation of attackers.
Even though the motive behind the breach is not clear, local media reports that it is suspected to be a warning shot from hackers as the little noticeable damage has yet to come out from the breach.
Zero trust segmentation solutions provider Illumio announced that it has raised $225 million in a Series F funding round, which brings the total raised by the company to more than $550 million.
Researchers disclosed critical flaws in the Atlassian platform that could be exploited for account takeover attacks and to control some of the apps connected through its SSO capability.
Zyxel has emailed customers this week to alert them about a series of attacks that have been targeting some of the company’s high-end enterprise-focused firewall and VPN server products.
In mid-March 2021, Kaspersky researchers observed two new spam campaigns. The messages in both cases were written in English and contained ZIP attachments or links to ZIP files.
A Pakistan-linked threat actor has been striking government and energy organizations in the South and Central Asia regions to deploy a trojan on compromised Windows systems, according to new research.
The members of the Cl0p ransomware gang that were arrested in Ukraine as part of an international law enforcement action also operated money laundering services for multiple cybercrime groups.
The research team from BlackBerry Threat Research and Intelligence said on Wednesday that the malware, dubbed ChaChi, is also being used as a key component in launching ransomware attacks.
Sonatype researchers have recently discovered malicious packages in PyPI, a software code repository, that turns developers’ workstations into cryptomining machines.
Manufacturers are still pelted by cyberattacks left, right, and center. A survey published by Morphisec has found that one in five manufacturing companies in the sector has been compromised in a cyber incident.
Experts analyzed a Linux version of the DarkSide ransomware, the group responsible for the Colonial Pipeline attack, and claimed that it targeted VMware virtual machines. Though DarkSide has purportedly shut down its operations, organizations are recommended to implement adequate security measures to stay protected against ransomware infections.
This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.
Ubuntu Security Notice 5004-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
Trojan-Dropper.Win32.Krepper.a malware suffers from an unauthenticated remote command execution vulnerability.
Red Hat Security Advisory 2021-2543-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include code execution and denial of service vulnerabilities.
Trojan-Dropper.Win32.Juntador.a malware suffers from having a weak hardcoded password.
TP-Link TL-WR841N suffers from a remote command injection vulnerability.
Huawei DG8045 ships with a default password that is the last 8 character of the device's serial number listed on the back.
Trojan.Win32.Banpak.kh malware suffers from an insecure permissions vulnerability.
Adobe ColdFusion 8 remote command execution exploit.
Trojan.Win32.SecondThought.ak malware suffers from an insecure permissions vulnerability.
Backdoor.Win32.ReverseTrojan.200 malware suffers from an authentication bypass vulnerability.
VMware vCenter server versions 6.5, 6.7, and 7.0 unauthenticated remote code execution exploit.
Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x,
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating
Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information,
We take a look at why Peloton is being accused of ransomware-like behaviour, how one man lost $250,000 in a romance scam, and how a chap called Weiner has found himself in a political pickle. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer show more ...
