REvil, one of the world's most popular ransomware organizations, appears to have vanished since Tuesday morning, according to CNBC. Coincidence or not, this occurred just before a meeting between Russian and White House officials to discuss the growing threat of ransomware attacks throughout the world. The REvil gang's websites, including the one where it posts stolen data, are all down. The gang's infrastructure and servers went offline at roughly 8 am on Tuesday morning, Moscow time. Instead of reaching the cybercriminal gang's websites, visitors were shown the error “A server with the specified hostname could not be found”. The cause of the shutdown of REvil's cybercrime websites is currently unknown. John Hultquist of Mandiant Threat Intelligence explained, “REvil’s darknet ...
Bitdefender cybersecurity researchers have discovered a new and improved version of the Trickbot malware that is capable of monitoring and collecting sensitive information. Among its new capabilities is the obfuscation of traffic between victims and command and control servers. The new development technique is more sophisticated and refined, making it harder to detect. The module uses a C2 server (specified in the configuration file) to obtain a list of attack commands, load additional malware, download further malicious payloads, and exfiltrate collected information back to the server. A viewer tool is also employed to connect to victims via the C2 servers. Trickbot dates back to 2016 and was originally an application for stealing banking information and credentials. In Trickbot, hackers can...
Version 1.8.13 of Etherpad seems to contain two vulnerabilities that enable threat actors to steal sensitive documents, hijack administrator accounts and execute system commands, says The Hacker News. Cybersecurity researchers from SonarSource tracked the two vulnerabilities as CVE-2021-34816 and CVE-2021-34817. An attacker can take advantage of these vulnerabilities to hijack an administrative account and, from there, gain shell access and install malware on the server. Etherpad released patches for these flaws on the 4th of July. Paul Gerste, a cybersecurity researcher at SonarSource, explained that attackers use cross-site scripting (XSS) to gain access to Etherpad user accounts, including admin accounts. Once inside, malicious actor...
A new measure recently filed in the House would provide guidance for K-12 vendors on effective cybersecurity procedures. It also aims to help set new funding priorities that benefit educational organizations, according to Edweek. Rep. Doris Matsui introduced the Enhancing K-12 Cybersecurity Act on June 17. Legislators had submitted a similar bill in 2020, but it failed when the previous congressional term ended in December. This bill seeks to develop a K-12 cybersecurity program that will train students, provide valuable lessons, disseminate best practices, and make recommendations on online security tools that school districts and states can purchase. DHS is asked to cooperate with school technology vendors and cybersecurity firms to identify goo...
On the internet nobody knows if you’re a dog. Scammers on Twitter rely on that and frequently try to trick users into believing that they represent a vendor’s tech support, and then extract financial information from them.

How fraudsters scam people seeking support on Twitter

One of the most convenient ways to talk directly to a brand is to post something on social media and mention the brand in that post, most commonly on Twitter. Pretty much every brand has a Twitter account and a social media representative who will notice your mention and react somehow: either by trying to help you or by forwarding your request to support specialists. However, it’s not always clear that the person who reacted to your post actually represents the brand. And, let’s be honest, many people just don’t pay much attention to whom they are talking to on social media if it isn’t one of their friends; they primarily care about what they read. Of course, at some point scammers started exploiting this, mimicking brand accounts on Twitter and tricking people.

Usually it goes as follows. First, the user posts a complaint on Twitter, expecting the brand to respond. Then the scammers, pretending to represent the brand, reply to the post and try to lure the user into a conversation. What they usually do next is one of the following:

Either they ask to continue in DMs, where they try to lure the user into giving away personal information.
Or they suggest messaging them directly on some third-party platform, where they use the same tactics but are no longer subject to Twitter’s rules.
Or they pretend to be a random person trying to help, saying that tech support rarely answers requests on Twitter, but that there’s a form the user allegedly needs to fill in to create a ticket with the brand’s support directly. The form contains mandatory fields for sensitive data.

Scammers most like to prey on customers of cryptocurrency-related services, as these are still in something of a grey area when it comes to legislation (and there’s big money changing hands in the crypto field). However, sometimes they pretend to represent brands from other areas.

Scammers mimicking the Twitter brand accounts of Blockchain and Trustwallet and luring users to DMs, or pretending to be helpful users who post (fake) links to support sites. Screenshots by @Malwarehunterteam

How not to fall for Twitter support scams

Below we’ve collected some advice for those who use social networks to seek support from brands:

Check the name spelling. Does this account really belong to the brand you want to talk to? Brands usually don’t like impersonation, so they report copycats to Twitter. And official support won’t talk to you from their own accounts. Also be sure to check the Twitter handle and not just the display name of whoever is replying to you. Many scams, including the Elon Musk cryptocurrency scams, use accounts with his name as the display name but an obviously fake Twitter handle.

Check the verification tick mark. Official accounts of large brands usually have a tick mark to the right of their Twitter name. If the account doesn’t have a tick mark, it doesn’t necessarily mean it’s a scam; just be more cautious and look for other signs. An official account may not have a tick mark, but you can confirm the account handle from the company’s website, usually on its About Us page.

Do not provide any personal information in DMs, especially information that could be used to access your account (either on Twitter or on the service you’re talking to). Sharing your account name is OK; sharing your password or answering the questions used for password recovery is not.

Do not fill in any forms on sites other than the brand’s official site. Brands won’t use Google Docs or similar services for support purposes.

Use a reliable security solution that can detect phishing. While a security solution most likely won’t be able to tell the scammer and the brand apart on Twitter, it will alert you if the scammers lure you onto a phishing website instead of the official one.
If you are a brand looking to safeguard your customers from such scams, we suggest that you read this blog post.
In this week’s episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Jeff and I are back around the virtual round table to talk all things cyber. We kick this week’s episode off with the news that Interpol are urging countries to unite against the ransomware pandemic. From there, we look at how a hacker going by the alias ‘integra’ is offering 26.99 bitcoins (nearly $1 million USD at the time of writing) for zero-days and undetectable RATs (remote access Trojans). From there, we look at a recently patched SolarWinds vulnerability and news that Tencent (a Chinese gaming behemoth) is looking to use facial recognition software to stop children playing past a certain time. To close, we discuss the recent news around the Right to Repair movement in America and Europe. If you liked what you heard, consider becoming a subscriber!

Interpol urges police to unite against ‘potential ransomware pandemic’
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
SolarWinds patches critical Serv-U vulnerability exploited in the wild
China’s ‘midnight patrol’ cracks down on young gamers
Right to repair movement gains power in US and Europe
Adobe has released a giant Patch Tuesday security update release that fixes several vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.
While healthcare facilities are under attack by ransomware actors and manufacturing firms keep suffering from supply chain disruption, hackers have resorted to the most basic tactic—phishing emails—for unauthorized access.
It is simple and cheap to set up a fake website, and so cybercriminals can stand new ones up as quickly as detected ones are reported and taken down, thereby making this threat very persistent.
The ransomware hacker gang REvil’s websites are offline, about a week and a half after its attack on IT software vendor Kaseya allowed the criminals to breach hundreds of companies around the world.
A look at part of the REvil group's online infrastructure shows clear lines to Russian and U.K. service providers that, in theory, could help law enforcement agencies but don't appear eager to help.
Microsoft rolled out updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild.
According to the research by Avanan, the most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one month span for every 10,000 users.
Tonight, Microsoft disclosed that the attacks on the US Defense Industrial Base Sector and software companies are attributed with high confidence to a China-based threat group tracked as 'DEV-0322.'
As fraught as remote management tools may be with security weaknesses, however, giving them up isn't an option for many administrators who depend on them to oversee their networks.
Once its infection routine is completed, this ransomware variant replaces the desktop wallpaper with a dropped .bmp file notifying the victim to look for a file containing instructions.
The company's breach notification statement appears to indicate that the firm paid a ransom in exchange for promises that the attackers would destroy and not further disclose the stolen files.
The Cyberspace Administration of China (CAC) has published new regulations on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country’s borders.
Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the Financial Stability Board (FSB) on Tuesday.
Based on Microsoft's assessment of the security vulnerability, unauthenticated adversaries require physical access to the target's device to exploit it in high complexity attacks.
An analysis of cryptographic libraries and the vulnerabilities affecting them has concluded that memory handling issues give rise to more vulnerabilities than encryption implementation errors.
T&T Security and Zerde Holding identified at least two documents uploaded on the government’s legal and budget-related sections that were installing a version of the Razy malware on users’ systems.
Law enforcement officials have announced that a more widespread reaction will be forthcoming following the Kaseya ransomware attack that impacted over a thousand companies across the globe last week.
More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from last year, according to a new report from Fortified Health Security.
According to Kaspersky, several Black Widow-themed phishing sites are operating to steal user credentials. One of the sites promised the users an early preview of the movie to lure users.
SolarWinds has been notified by Microsoft of a critical zero-day vulnerability in its Serv-U product line. The research found a limited number of impacted customers. Organizations are advised to follow the recommendations provided by security agencies and keep reviewing their cybersecurity posture.
McAfee Labs laid bare a new technique used by Hancitor actors that involves the use of cookies to prevent URL scraping, along with dropping malware such as Cobalt Strike, Pony, Cuba, FickerStealer, and Zeppelin. Experts believe it is expected to be used in future ransomware attacks and suggest erecting a security wall around the threat.
Kaspersky researchers have revealed an ongoing and large-scale advanced APT campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.
The $52.8 billion budget approved by the House panel for DHS includes $2.42 billion for CISA, a hike of $397.4 million and $288.7 million above the Biden administration’s budget request.
The developers of the latest Joker variants, which began emerging in late 2020, are taking advantage of legitimate developer techniques to hide the actual intent of the payload from security tools.
Starting September 1, 2021, the Chinese government will require that any Chinese citizen who finds a zero-day vulnerability must pass the details to the Chinese government.
VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool.
Illicit cryptomining campaigns are growing strong as cybercriminals continue to evolve their attack techniques and malware. One of the main reasons for the rise is the rapidly growing investments in the cryptocurrency space.
AttackIQ announced a $44 million Series C funding round led by Atlantic Bridge. Kevin Dillon, Co-Founder and Managing Partner at Atlantic Bridge, has also joined the company's Board of Directors.
Red Hat Security Advisory 2021-2643-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.38.
Microsoft Windows has an issue where you can use the CreateProcessWithLogon API to escape a write restricted service and achieve full write access as the service user.
Gentoo Linux Security Advisory 202107-33 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.2.0 are affected.
This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. It was patched by Microsoft in February 2021. It can be triggered remotely by sending a malicious UDP packet over IPv6.
This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.
Red Hat Security Advisory 2021-2705-01 - Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a memory exhaustion vulnerability.
Gentoo Linux Security Advisory 202107-32 - Multiple vulnerabilities have been found in Apache Thrift, the worst of which could result in a Denial of Service condition. Versions less than 0.14.1 are affected.
Red Hat Security Advisory 2021-2704-01 - Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a memory exhaustion vulnerability.
Ubuntu Security Notice 5006-2 - USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.
Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity,
Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary
A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los Barros (Badajoz), and Aranda de Duero (
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained