Cybersecurity researchers recently discovered security vulnerabilities in WiFi-enabled devices utilizing Realtek's SDK, hardware used by more than 65 manufacturers of Internet of Things devices. According to researchers from the German security firm IoT Inspector, the vulnerabilities might affect roughly 200 show more ...
InkySquid, a North Korean hacker, exploited two different vulnerabilities in Internet Explorer to infect users using custom Strategic Web Compromise (SWC) operations, according to The Hacker News. The vulnerabilities in question are CVE-2021-26411 - Internet Explorer Memory Corruption Vulnerability, with a CVSS score show more ...
40 different vulnerabilities related to opportunity-based encryption in email clients and servers that could allow an intruder to spoof mailbox contents and steal credentials have been identified and solved during the 30th USENIX Security Symposium. The Hacker News reports that Sebastian Schinzel, Damian Poddebniak, show more ...
FireEye researchers have found a significant vulnerability in Mandiant core component of the Kalay cloud platform that leaves millions of IoT devices vulnerable to remote attacks, according to Security Week. ThroughtTek, known for its IoT and M2M solutions for security, surveillance, consumer electronics systems, show more ...
LockBit RaaS have begun fresh attacks on workers of various businesses in Taiwan, Italy, the United Kingdom and Chile, offering them millions of dollars in exchange for providing valid credentials for first access, says Trend Micro. Unlike the 2019 version, LockBit 2.0 targets Active Directory and automatically show more ...
End to end encryption of Messenger's audio and video calls has finally been rolled out by Facebook after much anticipation, according to Tech Crunch. Since 2016, text messages sent through Facebook's top messaging service have been benefiting from end-to-end encryption (E2EE), a feature that prevents third show more ...
The latest malvertising campaign for Japan can deploy a banking Trojan on infected Windows computers and hence, steal credentials related to crypto-currency accounts. Analysts at Trend Micro Joseph Chen and Jaromir Horejsi claimed in an investigation published last week that the operation was due to a threat actor show more ...
If you run a popular blog and promote your business through Instagram, an account ban simply isn’t in the plan. For responsible users, the idea of being banned for, say, displaying suicidal content or trying to impersonate someone else might seem like a bad dream or a cruel joke, but it’s quite real for show more ...
T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the show more ...
The threat of number recycling arises when a user abandons their existing mobile phone number for another. Cybercriminals understand how useful recycled phone numbers can be.
A new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances could be abused by a remote, authenticated attacker to execute malicious commands on the system.
The DHS will conduct a “pathfinder assessment” to determine a path forward regarding a new cybersecurity compliance program that shares similarities to the Pentagon’s CMMC.
ReverseRAT, a remote access trojan used in major attack projects targeting organizations in South and Central Asia, has received prominent modifications in its capabilities. Called by Black Lotus researchers as ReverseRAT 2.0, the new variant is being used alongside a new agent called NightFury.
Given the reliance that many ransomware operations, in particular, appear to place on such "accesses," one surprise might be just how few individuals appear to be serving as initial access brokers.
Remote attackers could exploit devices running older versions of BlackBerry QNX products unpatched against BadAlloc to trigger DoS conditions or execute arbitrary code on vulnerable systems.
The overall efficiency of internal threat hunting still leaves much to be desired. Threat hunters believe that they are too under-resourced and overstretched to provide the best possible service.
With careful planning and the right combination of automation and standardized processes, a mature, effective, and world-class Security Operations Center (SOC) can be established.
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies.
A judge in South Carolina has struck out several claims in a class-action lawsuit alleging the firm didn't do enough to prevent a 2020 ransomware attack, but allegations under CCPA will move forward.
Giving money to these cybercriminals only perpetuates the behavior; after all, it shows them that this is a profitable way to behave by giving them exactly what they want.
Volexity attributes the compromise of the Daily NK website to a threat actor it refers to as InkySquid, which broadly corresponds to an activity known publicly under the monikers ScarCruft and APT37.
A team of researchers at Ben-Gurion University came up with a new attack vector called Glowworm that can enable eavesdropping on Zoom and other virtual meetings by analyzing optical emission from a LED of a device. Glowworm is a similar attack as Lamphone that allowed the recovery of sound from a victim's room show more ...
Researchers discovered a new strain of ransomware, dubbed DeepBlueMagic, that uses a third-party encryption tool and several other tactics. The ransomware targets systems having Windows Server 2012 R2. The attack starts with encryption of files, not on the target’s endpoint devices, but the disk drives on the server. It also leaves the system drive (c:) untouched.
As the prevalence of digital fraud attempts continues to rise, TransUnion found that fraudsters are re-focusing their efforts from financial services to the travel and leisure, and gaming industries.
The breached data included customers' names, date of birth, social security numbers, and driver's license information, it said, but it found no evidence of financial data being compromised.
The research suggests that device identity spoofing threatens to become far more prevalent. Houdini is a well-known remote access trojan (RAT), but the research shows this particular use is novel.
The bulk of the losses for Scripps Health, representing $91.6 million, came from lost revenues during the four weeks the organization needed to recover from the May ransomware attack.
Security researcher MalwareHunterTeam found a malware campaign that uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Gozi (aka Ursnif) banking trojan.
With billions of user credentials having been leaked online following security breaches over the past decade, credential stuffing attacks are now common across a wide spectrum of industry verticals.
Periscope Equity announced that it has invested in CyberMaxx through a recapitalization in partnership with management. CyberMaxx provides services to prevent, detect, and respond to cyberattacks.
IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel.
Along with an equity investment into Rubrik by Microsoft, the deal will include co-engineering projects aimed at battling ransomware and promoting zero-trust data protection, the companies say.
Three banking trade groups wrote to the U.S. Senate Intelligence Committee recommending that the Cyber Incident Notification Act of 2021 be amended to include a 72-hour notification requirement.
The LockBit RaaS gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan, and the U.K. using version 2.0 of its malware.
Cloud marketplaces are rife with pre-built virtual machine (VM) images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners.
The new attack has been dubbed as an OPtical ADversarial attack (OPAD) and involves using three objects: a low-cost projector, a camera, and a computer in order to execute the attack.
Attacks on critical infrastructure entities often target OT and ICS and range from modifying various industrial processes to disrupting and even shutting them down entirely.
Hundreds of thousands of Indiana residents are being notified of a data breach involving responses collected via the Hoosier State's COVID-19 online contact tracing survey.
With the new funding, the firm has raised $12.9 million since its founding in 2018. New investor Mercury led the round with Managing Director Aziz Gilani joining Blumira’s board as a director.
The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. Updates have been released for Photoshop 2020 and Photoshop 2021.
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June.
Security researchers have identified around 40 different vulnerabilities in a TLS encryption mechanism that could lead to targeted Man-in-the-Middle (MitM) attacks. Upgrading email communication protocols connections via STARTTLS is insecure and exposes the system to a number of security vulnerabilities along with attacks.
A crypto mining scheme deployed five malicious Docker images on Docker Hub to hijack computing resources to mine cryptocurrency. These containers are not being managed by an attacker directly, although there's a script at the entry point that runs an automated attack. Organizations are recommended to vet container images before adding them inside the internal registry.
Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch. It’s the third major insurer to disclose a ransomware attack in recent months.
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle show more ...
Simple Image Gallery version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
Ubuntu Security Notice 5045-1 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux show more ...
Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
Crossfire Server version 1.0 SetUp() remote buffer overflow exploit.
Red Hat Security Advisory 2021-3205-01 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
Ubuntu Security Notice 5044-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the show more ...
Crime Records Management System version 1.0 suffers from a remote SQL injection vulnerability.
Hospital Management System created by kishan0725 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 5043-1 - It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Various other issues were also addressed.
COVID-19 Testing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.
Ubuntu Security Notice 5042-1 - It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions.
Dancho Danchev wrote a personal 100 page memoir.
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands
A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the
IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked
A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online- accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw
A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! The shift to remote and hybrid work has created an ecosystem of new vulnerabilities, putting your critical data at risk. With less oversight into security protocols and employee behaviors, show more ...
If you attended Black Hat this year, you couldn’t avoid the topic of supply chain attacks. From keynotes to vendor messaging to booth presentations, they were a ubiquitous topic in Las Vegas this year. Supply chain attacks are cyberattacks targeting an upstream vendor for the ultimate purpose of compromising one or show more ...
