Microsoft issued a warning about a huge phishing campaign that uses open email links to steal credentials, according to The Hacker News. An old idiom advises us to work smart, not hard, and nobody applies it better than modern hackers. Using something as common as URLs, threat actors manage to trick numerous users into entering sensitive information that could grant access to an organization's network, or into giving up credit card or personal data that can be used for blackmail. Nowadays, some manage to perfect their campaigns to the point where they are not even detected by advanced and up-to-date anti-malware solutions. The Microsoft 365 Defender Threat Intelligence Team explained in a report: "Attackers co...
With the average cost of a data breach reaching an all-time high of $4.24 million, some companies still fail to see the full picture and don't meet modern cybersecurity standards, according to Tripwire. Despite the fact that online threats are increasing on a daily basis, numerous firms fail to recognize the importance of proper cybersecurity. Interestingly enough, many companies are not aware that they are bound by state, industry, and international laws. Although there is no uniform national or global cybersecurity law in place, companies that fail to meet certain legislation can face legal consequences. As cybersecurity becomes a more serious concern, the need for online defense is starting to worry more governments around the world. Aside from the potential data loss, companies that...
Cybercriminals are launching a new scam to take advantage of the release of Kanye West's Donda album by distributing malicious fake downloads on the Internet, according to Tech Republic. Cybersecurity firm Kaspersky proactively studied the event to see if threat actors were spreading any malware across the Internet. They emphasized that one common scam is to target the release of highly anticipated media (movies, music), since malicious code can be placed in fake files that are easily downloaded. This particular scam involves uploading fake malicious files to the Internet, similar to those identified before the release of Black Widow. Kanye's fans are given a link to download the album and then asked to participate in a survey to confirm they are not robots. Afterwards, they are redirected to a...
Contactless Mastercard and Maestro PINs can be bypassed due to a new vulnerability discovered by the Swiss Federal Institute of Technology (ETH) in Zurich, according to Cybersecurity News. The key aspect of the flaw is that, if properly exploited, it allows thieves to use a stolen Mastercard or Maestro card to make contactless payments without having to input the PIN to complete the transaction. "Properly" in this case entails first installing dedicated software on two Android smartphones. One device simulates a point-of-sale terminal, while the other acts as a card emulator that transmits the modified transaction information to a real point-of-sale device. Once the card initiates a transaction, it reveals all related information. To avert further attacks, the researchers will not release the app in question. Experts from ETH Zu...
Following sophisticated cyberattacks that targeted critical infrastructure, organizations and governments around the world, Microsoft, Amazon, Apple, IBM and Google pledged to invest a total of $30 billion in cybersecurity advances over the next 5 years, according to The Hacker News. The US plans to develop a framework to improve supply chain technologies and to broaden CISA's role in safeguarding natural gas pipelines. A meeting on this topic was held at the White House with top representatives from various US companies, who agreed to help improve cybersecurity. The pledges come following repeated high-profile cyberattacks on SolarWinds, Microsoft, Colonial Pipeline,
Microsoft sent out a warning to thousands of cloud computing customers regarding threat actors that could view, modify, or even delete master databases if they gained access to their systems, according to Reuters. Wiz announced that Microsoft Azure's flagship Cosmos DB database contains a vulnerability that allows access to keys that control access to the databases of hundreds of companies. Unable to rotate those keys itself, Microsoft sent an email to its customers on Thursday asking them to create new keys. The software giant paid Wiz $40,000 for discovering and reporting the security flaw. Microsoft said, "Microsoft recently became aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-w...
A vpnMentor investigation found that a 134 GB server owned by EskyFun was exposed, leaking user data for game titles such as Metamorph M, The Three Kingdoms Legend, Adventure Story, Rainbow Story, and Fantasy MMORPG. The games in question have been downloaded 1.6 million times, while the leaked data comprised more than 365 million records. An intriguing aspect is that the developers had increased the amount of analytics, monitoring and authorization options built into the games, some requiring extra permissions even before installation. Data disclosed includes IP addresses and IMEI numbers, mobile device event logs, device information, phone numbers, EskyFun network passwords, current operating system, whether the phone was rooted, player acquisition and transaction reports, mailing lists, and support requests. Various data points could also be used to identify and profile individuals as well as tw...
How does the information companies collect fall into the wrong hands? Sometimes insiders sell it, and sometimes targeted hacking springs the leak, but most often, personally identifiable information gets out through misconfigured services or programs. Adding to mountains of evidence of just that, researchers from UpGuard found that personally identifiable information from 38 million people had been exposed. The source of the leak is some poorly configured Web applications created with the Microsoft Power Apps platform. Fortunately, malefactors do not seem to have gotten access to the information.

Power Apps misconfiguration

As a tool that helps companies build apps and Web portals without the need for heavy development investments, Microsoft’s Power Apps uses the low-code principle (that is, it does not require writing code as such). User reviews hype the ability to turn any idea into reality without having experience in IT and programming. That simplicity is the root of the problem. Using Power Apps, people who not only lacked IT experience, but also ignored information security, created tools that — surprise! — weren’t secure. The researchers found 47 companies and government agencies that used Power Apps to create tools that collected personal data but did not keep that data safe.

To summarize a long and rather technical explanation, Power Apps lets users create tools both for sharing data and for collecting data. In both cases the data is stored in tables, and the creator of the app can enable access permissions to them. By default, the permissions were disabled. On the one hand, that let creators enable sharing easily. On the other hand, it essentially made the tables public. That is why the collected information remained available from outside the companies.

How to protect your company’s and clients’ data from leaks

After the researchers reported the leak, Microsoft changed the platform’s default settings. Now, when somebody creates a new project that collects personal data, it will store any information it collects such that outsiders won’t be able to access it. However, apps and Web services created before Microsoft’s update may still be vulnerable.

If your company uses Microsoft Power Apps, you should check all configuration options thoroughly to avoid this kind of leak, especially if your applications collect and store personally identifiable information. However, the problem is actually much broader. Power Apps is far from the only low-code platform people lacking IT expertise use to create services, applications, and websites. These tools, which in many cases companies use for internal tasks only, may go entirely unnoticed by security departments. Meanwhile, they can contain source-code vulnerabilities, errors that occur when integrating with other business processes, or, as in this case, misconfigurations. Therefore, we recommend companies that use low-code platforms do the following:
Carefully check the security and privacy settings of both published and not-yet-published apps;
Educate information security departments about the use of such platforms in business processes;
Employ external experts (if not internal specialists) for security assessment.
HPE warns the Sudo flaw could be part of a “chained attack” where an “attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges.”
The Government Technology Agency (GovTech) said its new Vulnerability Rewards Programme was the third crowdsourced initiative it has adopted to enhance the security of its ICT systems.
Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information "appears related to customers" and not their own systems.
Attempting to hack back an adversary could have geopolitical implications that go well beyond the scope of the individual business and with the possibility of false-flag operations.
Network-attached storage maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week.
As many people look to renew their licenses, driver’s license phishing scams designed to steal people’s identities have been popping up across the U.S., according to state motor vehicle agencies.
The SEC charged KMS Financial Services, five units of financial firm Cetera, and two units of Cambridge Investment Research for failures to adopt and implement cybersecurity policies and procedures.
What began as a few lone rogue hackers selling zero-days and user credentials in IRC chatrooms or darknet forums has now evolved into professional and commercial entities.
The attacker uses Python to automatically exploit the vulnerability, upload a webshell, record the webshell paths, and then install additional malicious code for DDoS attacks and cryptomining through the webshell.
Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against.
The artificial intelligence model was designed to help programmers with their work by suggesting lines of code right in the editor. However, it can produce vulnerable code in many scenarios.
Some security and privacy experts note that the findings at the DoD are similar to records access issues that private sector healthcare entities struggle with concerning VIPs and other patients.
The third annual President’s Cup Cybersecurity Competition offers federal employees and service members a chance to flex their cyber know-how over three rounds, as teams or as individuals.
The U.S. Securities and Exchange Commission (SEC) will monitor decentralized finance (DeFi) transactions, after contracting with the blockchain cybersecurity firm AnChain.AI.
Researchers with vpnMentor have uncovered a data breach involving the COVID-19 test and trace app created by the Indonesian government for those traveling into the country.
A ranking member of the Senate Banking Committee is requesting inputs from crypto and blockchain community to inform future legislation on its security, data privacy, and other investor protections.
When the Meltdown and Spectre flaws were revealed, researchers initially said Meltdown had only been verified on Intel x86 chips. It was unclear whether AMD processors were vulnerable.
According to data by Abnormal Security, 32.5% of all companies were targeted by brute force attacks in early June 2021. 61% of organizations experienced a vendor email compromise attack this quarter.
Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely.
One of the most interesting trends over the past few months, according to a new report, is the rising demand for access to cloud accounts in the sale of admin credentials from Initial Access Brokers.
According to an advisory on GitHub, both TensorFlow and Keras, a wrapper library for TensorFlow, used an unsafe function to deserialize YAML-encoded machine learning models.
Cybercriminals are abusing proxyware, also known as internet-sharing applications, which are legitimate services that allow users to portion out part of their internet connection for other devices.
Yoroi’s Malware ZLAB unit first discovered a complete new malware implant named “JsOutProx” (TH-264), a complex JavaScript-based RAT used to attack financial institutions in the APAC area in 2019.
DuPage Medical Group, Illinois’ largest independent physicians group, experienced a computer and phone outage that lasted nearly a week in mid-July. The incident may have also affected patient data.
Mozi uses a robust P2P network structure so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices.
Several major organizations whose products rely on OpenSSL have released security advisories, including Linux distributions such as Red Hat (not affected), Ubuntu, SUSE, Debian, and Alpine Linux.
Names, home addresses, postcodes, phone numbers, email addresses, and IP addresses are included in the CSV file – along with geographic coordinates for many of the 111,295 people listed in the breach.
A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin from Envato could allow unauthenticated attackers to inject malicious code into websites.
Trend Micro found that around 13 million malware attacks targeted Linux-based cloud environments in the first half of 2021, with ransomware and coin miners accounting for 54% of attacks. Web shells accounted for around 20% of malware families. Additional, adequate layers of security checks are recommended against such threats, which may become more aggressive in the near future.
The FBI issued a warning about the Hive ransomware, which recently halted operations at Memorial Health System in a cyberattack. The group’s payment deadline normally ranges between two and six days. Hive actors use RDP to move laterally inside the network. A response plan for ransomware attacks should be kept at hand.
According to Kaspersky, between July 2020 and June 2021, around 303,827 users encountered gaming-related malware and other unwanted software, while 69,224 files were distributed under the guise of the 24 most played PC games.
The Belgian Police issued a warning about the return of the Joker virus that is attacking Android devices - once more. The virus has been detected in eight apps in the Google Play Store; however, the apps have been removed by Google.
A version of FMWhatsApp, a popular WhatsApp mod, was found to carry a trojan. Dubbed Triada, the trojan downloads malicious apps on victims’ devices and is found in version 16.80.0 of FMWhatsApp.
Red Hat Security Advisory 2021-3392-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Ubuntu Security Notice 5058-1 - It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2021-3381-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2021-3366-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a crlf injection vulnerability.
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
Red Hat Security Advisory 2021-3363-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3365-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-3364-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
Ubuntu Security Notice 5057-1 - Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Ubuntu Security Notice 5054-1 - Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution.
Ubuntu Security Notice 5056-1 - It was discovered that APR incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability.
Red Hat Security Advisory 2021-3327-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, out of bounds write, and privilege escalation vulnerabilities.
This is an LLVM-based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and field-sensitive on kernel drivers. It is a port of Dr. Checker.
Red Hat Security Advisory 2021-3328-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3325-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of repository files, which enables the placement of a Git hook in the .git/hooks directory. By default, this Metasploit module writes a post-checkout script so that the payload will automatically be executed upon checkout of the repository.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7),
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once
The notorious Ragnarok ransomware gang appears to have abruptly closed its operations and entered retirement, releasing a universal decryption key for its past victims. Read more in my article on the Hot for Security blog.