Windscribe, an IT company that sells privacy protection tools, said the VPN servers that were recently seized by Ukrainian authorities were not encrypted, allowing the government to impersonate its servers as well as capture and decrypt communications that went through them, according to Ars Technica. The company announced earlier this month that two servers hosted in Ukraine had been seized as part of an investigation into suspicious activity a year ago. Windscribe's admission highlights the risks associated with the proliferation of VPN services in recent years. The threats linked with these risks are significant, and many business owners have yet to learn about them. Besides the lack of encryption, the...
According to a study conducted by Fitch Ratings, a historic increase in the number and intensity of cyberattacks on hospitals over the last 18 months will result in substantial income and expense challenges for non-profit hospitals and healthcare systems, according to Fierce Healthcare. Healthcare is a targeted environment because of the vast amount of sensitive data maintained by organizations for the purposes of patient care and operations. The prevalence of cybercrime surged during the pandemic, as threat actors took advantage of the situation and created widespread disruption in the healthcare industry at a time when there was an urgent need for patient care. As
Microsoft responded fast with a fix for the PetitPotam attack, an attack technique that has the potential to force Windows remote systems to reveal password hashes, according to Threat Post. This can be used to cause the system to crash after the password hashes have been revealed. Microsoft has recommended that system administrators avoid using the now-outdated Windows NT LAN Manager (NTLM) in order to avoid being targeted by the attack. The PetitPotam vulnerability is related to the Windows operating system and the exploitation of a remote access protocol known as the Encrypting File System Remote Protocol (EFSRPC, MS-EFSRPC). The protocol is meant to allow Windows systems to access encrypted remote data repositories. Simply put, it allows data management while implementing policies to control data access. On Thursday, security researcher Gilles Lionel
To improve the efficiency of its campaigns, LemonDuck has refined and strengthened its techniques for attacking both Windows and Linux by focusing on earlier vulnerabilities and streamlining processes, according to The Hacker News. The malware known as LemonDuck, an active and robust malware renowned for its botnet and cryptocurrency mining targets, took on more sophisticated actions and intensified its operations, according to Microsoft. The latest version is able to eliminate security checks, spread through e-mails, move laterally, steal credentials, and drop more tools for human-run operations. The malware is known for its ability to spread rapidly across an infected network...
Although Windows 11 is not expected to be released until later this year, cybercriminals do not want to waste any time and have already started creating ways to infect users with malware using the new operating system, according to CyberScoop. Microsoft unveiled Windows 11 at the end of June and made an initial insider preview available to the public a short period of time after that. Safety has been identified as the most important driving principle in the creation of operating system improvements, according to the firm. Then again, a warning issued by Kaspersky on Friday states that cybercriminals are taking advantage of those waiting to get their hands on Microsoft's operating system update. The Kaspersky researchers said that while Microsoft offers to download and i...
A cyberattack response network has been formed in Brazil in order to facilitate a faster response to cyber threats and vulnerabilities by coordinating the efforts of federal government agencies, according to ZDNet. The Federal Cyber Incident Management Network, created by a presidential executive order signed July 16, would include the Office of the President Institutional Security Office and all agencies and entities of the federal government. Members of the network may also include public businesses, mixed enterprises, and their subsidiaries that choose to join voluntarily. The Network shall be coordinated by the Department of Information Security of the Presidency Institutional Security Office through the Government's Center for Cybersecurity Prevention, Treatment, and Response. The network is intended to provide a strategic purpose for the Digital Government Secretariat...
Apple fixed a zero-day vulnerability in its macOS, iOS, and iPadOS operating systems on Monday, less than a week after releasing a set of updates that addressed more than 36 other vulnerabilities in total, according to The Register. IOMobileFrameBuffer code, a kernel extension for screen frame buffer management, was found to include a vulnerability, classified as CVE-2021-30807, that can be exploited to execute malicious code on the afflicted device. The vulnerability is attributed to an unidentified researcher and was fixed by undisclosed, but reportedly better, memory handling code. Apple notes in its advisory: "An application may be able to execute arbitrary code with kernel privileges," [...]
To steal corporate e-mail credentials from company employees, attackers must first get past the antiphishing solutions on the company’s e-mail servers. As a rule, they use legitimate Web services so as to evade notice, and increasingly, that means Google Apps Script, a JavaScript-based scripting platform.

What is Apps Script, and how do attackers use it?

Apps Script is a JavaScript-based platform for automating tasks within Google’s products (e.g., creating add-ons for Google Docs) as well as in third-party applications. Essentially, it’s a service for creating scripts and running them in Google’s infrastructure. In e-mail phishing, attackers use the service for redirects. Instead of inserting the URL of a malicious website directly into a message, cybercriminals can plant a link to a script. That way, they can bypass the mail server-level antiphishing solutions: a hyperlink to a legitimate Google site with a good reputation sails through most of the filters. As an ancillary benefit to cybercriminals, undetected phishing sites can stay up longer. That scheme also gives attackers the flexibility to change the script if necessary (in case security solutions catch on), and to experiment with content delivery (e.g., sending victims to different versions of the site depending on their region).

Example of a scam using Google Apps Script

All the attackers have to do is get the user to click a link. Recently, the most common pretext was a “full mailbox.” In theory, that seems plausible.

[Image: A typical phishing e-mail using a full-mailbox scam]

In practice, attackers are usually careless and leave signs of fraud that should be obvious even to users who are unfamiliar with real notifications:

- The e-mail is apparently from Microsoft Outlook, but the sender’s e-mail address has a foreign domain. A real notification about a full mailbox should come from the internal Exchange server. (Bonus sign: The sender’s name, Microsoft Outlook, is missing a space and uses a zero instead of the letter O.)
- The link, which appears when the cursor hovers over “Fix this in storage settings,” leads to a Google Apps Script site:

[Image: E-mail link to Google Apps Script]

- Mailboxes do not suddenly exceed their limits. Outlook starts warning users that space is running out long before they reach the limit. To suddenly exceed it by 850MB would probably mean receiving about that much spam all at once, which is extremely unlikely. In any case, here is an example of a legitimate Outlook notification:

[Image: Legitimate notification about an almost full mailbox]

The “Fix this in storage settings” link redirects to a phishing site. Although in this case it’s a fairly convincing copy of the login page from Outlook’s Web interface, a look at the browser’s address bar reveals that the page is hosted on a counterfeit website, not in the company’s infrastructure.

How to avoid taking the bait

Experience shows that phishing e-mails do not necessarily have to contain phishing links. Therefore, reliable corporate protection must include antiphishing capabilities both at the mail server level and on users' computers. Additionally, responsible protection needs to include ongoing employee awareness training covering current cyberthreats and phishing scams.
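The three tell-tale signs listed above (external sender domain on an "Outlook" notification, a look-alike display name, and a link that resolves to Google Apps Script rather than the company's own mail server) can be turned into a simple triage rule. The following Python is an added example written for this digest, not Kaspersky's code or tooling; the internal domain name, the two sample messages and the Apps Script URL are constructed placeholders, and the 100 MB "sudden overrun" threshold is an assumed cut-off.

```python
"""Heuristic triage for the "full mailbox" phishing pattern described above.

Added example (not Kaspersky's code). All sample data below is constructed:
the organisation's domain, both messages and the script URL are placeholders.
"""
import re
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"          # assumption: the organisation's own mail domain
APPS_SCRIPT_HOSTS = {"script.google.com"}  # where Apps Script web apps are served from
SUDDEN_OVERRUN_MB = 100                   # assumed threshold for an implausible quota jump

# Constructed sample: the phishing message described in the text
PHISHING = {
    "from_name": "Microsoft0utlook",      # missing space, zero instead of the letter O
    "from_addr": "notify@mail-relay-placeholder.net",
    "body_html": (
        "<p>Your mailbox has exceeded its limit by 850MB.</p>"
        '<a href="https://script.google.com/macros/s/PLACEHOLDER-ID/exec">'
        "Fix this in storage settings</a>"
    ),
}

# Constructed sample: what a legitimate notification from the internal server looks like
LEGITIMATE = {
    "from_name": "Microsoft Outlook",
    "from_addr": "exchange@example.com",
    "body_html": (
        "<p>Your mailbox is almost full. Please delete items you no longer need.</p>"
        '<a href="https://mail.example.com/owa/#path=/options/storage">Manage storage</a>'
    ),
}


def sender_domain(addr: str) -> str:
    """Domain part of an e-mail address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()


def extract_links(html: str) -> list[str]:
    """All href targets in the HTML body."""
    return re.findall(r'href="([^"]+)"', html)


def looks_like_spoofed_outlook_name(display_name: str) -> bool:
    """True when the name imitates 'Microsoft Outlook' via digit swaps or a dropped space."""
    normalised = display_name.lower().replace("0", "o").replace("1", "l").replace(" ", "")
    return normalised == "microsoftoutlook" and display_name.strip() != "Microsoft Outlook"


def check_message(msg: dict) -> list[str]:
    """Return the list of red flags found; an empty list means none of the signs fired."""
    findings = []
    if sender_domain(msg["from_addr"]) != INTERNAL_DOMAIN:
        findings.append("sender domain is external to the organisation")
    if looks_like_spoofed_outlook_name(msg["from_name"]):
        findings.append("display name imitates 'Microsoft Outlook'")
    for url in extract_links(msg["body_html"]):
        host = urlparse(url).hostname or ""
        if host in APPS_SCRIPT_HOSTS:
            findings.append(f"link points to an Apps Script redirector: {url}")
    # Quota warnings arrive gradually; a claimed sudden overrun of hundreds of MB is implausible
    text = re.sub(r"<[^>]+>", " ", msg["body_html"])
    m = re.search(r"exceeded[^.]*?(\d+)\s*MB", text, re.IGNORECASE)
    if m and int(m.group(1)) >= SUDDEN_OVERRUN_MB:
        findings.append(f"claims a sudden quota overrun of {m.group(1)} MB")
    return findings


if __name__ == "__main__":
    for label, msg in (("phishing", PHISHING), ("legitimate", LEGITIMATE)):
        print(label, check_message(msg))
```

Run as a script it reports four flags for the constructed phishing message and none for the legitimate one. In a real mail pipeline the same checks would sit behind the server-level filter the text recommends, where a Google-hosted link has already passed reputation filtering; the point of the rule is that the sender domain and display name, not the link's reputation, carry the signal.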
Extended Detection and Response (XDR) technology is gaining traction within enterprises. But how can organizations handle the increased volume of alerts XDR systems produce? Samuel Jones, of cyber AI firm Stellar Cyber, discusses how embracing incident-based systems can reduce the analyst burden of XDR technology, enabling companies to spot and...
Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade detection without impacting the performance of the network.
In the Double extortion tactic, the cybercriminals demand two ransoms — one for a decryption utility and the other for the deletion of the victim’s stolen information from their servers.
Created through a presidential decree signed on July 16, the Federal Cyber Incident Management Network will encompass the Institutional Security Office of the presidency as well as all bodies and entities under the federal government administration.
The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.
Software company Kaseya has strongly denied paying to get access to a key to decrypt its systems following a massive ransomware attack on the company that impacted up to 1,500 organizations earlier this month.
Security firm Kaspersky has warned that crooks were exploiting people overeager to get their hands on the Microsoft operating system update, due for fall release, with fake installers.
The NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.
The CEO of Egress has warned that COVID passport phishing emails are circulating – and directed users to fake NHS websites. These passes allow people to show their vaccination details or test results, and are considered an official COVID-19 status.
As cloud adoption accelerates, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey conducted by Fugue and Sonatype.
Israeli Defence Minister Benny Gantz will travel to France this week to discuss spyware sold by Israeli cyber firm NSO that was allegedly used to target French President Emmanuel Macron.
Half of the security vulnerability reports the Singapore government received via bug bounty and public disclosure schemes have been ascertained to be valid. The public sector also recorded a 44% increase in data incidents over the past year.
Cyber insurance startup At-Bay said on Tuesday it raised $185 million at a $1.35 billion valuation to expand its business as many in the cyber industry face growing losses due to ransomware attacks.
In a new transparency report released this month, the social media giant Facebook said that barely 2.3 percent of all its active accounts have enabled at least one method of two-factor authentication between July and December last year.
Cybersecurity researchers disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses.
BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia (BRI), said that it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers.
The additional phishing protection in Microsoft Teams is available for organizations using Defender for Office 365 to guard against phishing attacks that use weaponized URLs.
In the wee hours of the Tokyo Olympic Games, an interesting wiper malware surfaced that is reminiscent of the destructive malware that targeted the Pyeongchang Winter Games. This one is called “Olympic Destroyer.”
At the end of May, the Babuk ransomware operators rebranded their ransomware leak site into Payload[.]bin and started offering the opportunity to other gangs to use it to leak data stolen from their victims.
A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware.
The document sent to customers and dated on Monday said the force majeure would be implemented with immediate effect. It would impact container terminals in Durban, Ngqura, Port Elizabeth, and Cape Town.
Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities include remote code execution and authenticated privilege escalation on the client side.
It’s not just small and medium-sized enterprises that are seeing their credentials shared on hacker forums. This year, SpyCloud found almost 26 million Fortune 1000 business accounts and 543 million employee credentials circulating on the dark web.
Since launching its first VRP more than ten years ago, Google has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs.
The data breach has affected the unemployment benefits system and targeted 57,920 claimant accounts. The breach affected accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT.
Clearview AI announced the successful close of a $30 mn Series B funding round that now values the company at $130 mn. The investment, which includes funds from institutional investors and family offices, will fuel Clearview’s continued growth.
An overwhelming percentage of CISOs consider their organization to be at greater risk of a cybersecurity attack due to the transition to home working, according to a new survey from BlueFort Security.
At least three states—New York, North Carolina, and Pennsylvania—are considering legislation that would ban state and local government agencies from paying the ransom if they’re attacked by cybercriminals.
XLoader appears to be distributed within a .jar file. Such a file contains code that can be executed by Java, dropping the malware on the system. One major advantage, for the attacker, of using Java is that the “dropper” can be cross-platform.
The “No More Ransom” website is an initiative launched by the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
Red Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service; attackers who can connect to the service on port 40001 (and potentially 40011) could execute arbitrary code of their choice in Jira through deserialization, due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.
Red Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
WordPress Social Warfare plugin version 3.5.2 remote code execution exploit. This fully automated exploit is a variation of the original discovery made by Luka Sikic and hash3liZer in May of 2019.
Ubuntu Security Notice 5022-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fix a memory
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in
Apple has released a major security update for its devices, after finding a zero-day flaw that the company indicates has been the focus of in-the-wild attacks by hackers, and might have been used to plant malware. Read more in my article on the Hot for Security blog.
Twitter has revealed that the vast majority of its users have ignored advice to protect their accounts with two-factor authentication (2FA) - one of the simplest ways to harden account security. Read more in my article on the Hot for Security blog.