At first glance, the Dune universe seems IT-deficient. Humanity may be building spaceships, but it relies on the human mind to calculate flight paths. Humans send troops to alien planets but exchange messages through couriers. They colonize other worlds yet live in a feudal society. What information security is there show more ...
LogPoint announced it will acquire Tel Aviv-based SecBI, a disruptive player in automated cyber threat detection and response. The fInancial terms of the deal were not disclosed.
Railway and other types of wireless communication devices made by Taiwan-based industrial networking and automation firm Moxa are affected by nearly 60 security vulnerabilities.
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
Google will record the location of whatever phone a person has logged into. So, it’s not even necessary for someone to install one of the insidious stalkerware apps that have flooded the marketplace.
Ireland's Data Privacy Commissioner has hit WhatsApp with a $266 million fine for violating the EU's GDPR privacy laws after failing to inform users and non-users on what it does with their data.
Wawa is paying out up to $9-million in cash and gift cards related to a data breach that exposed customers' credit and debit card numbers and names between March 4, 2019, and December 12, 2019.
The cybercrime group compromises up to 100,000 email inboxes daily, and apparently uses this access to except siphon gift card and customer loyalty program data that can be resold online.
White House deputy national security adviser Anne Neuberger on Thursday urged U.S. organizations to be on guard against malicious digital activity ahead of the Labor Day holiday.
An attacker was apparently able to breach the site for famed street artist Banksy and sell a fake NFT of the artist’s work for more than $336,000. The fraudster has since returned the ill-gotten cash.
Machine learning in cybersecurity has a major challenge – it can't make mistakes. A mistake in one direction can lead to a risky slip of malware falling through the cracks.
Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July.
The FBI said today that Americans lost more than $8 million to sextortion scams in the first seven months of the year following a massive uptick in activity from criminal groups.
Springbrook Software, Deerfield’s data storage provider, notified the town of the incident after it completed an investigation on May 6 and the town made a formal announcement on August 31.
MarkMonitor, now part of Clarivate, is a domain management company. The parked domains were pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
The company said its systems blocked a denial of service (DDoS) attack on one user but in doing so caused some Vocus customers in Auckland, Wellington, and Christchurch to suffer outages.
If exploited, an attacker could discover cameras that they do not own, instruct these cameras to broadcast their feeds to unauthorized third parties, and compromise the camera firmware.
It has been engineered to overcome a major issue with operating systems — that if not configured correctly, they will trust all USBs regardless of what might be installed on them.
China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.
In addition to the May ransomware attack on JBS Foods, the FBI listed dozens of ransomware incidents that have taken place over the last six months targeting the food sector.
The zero-day was the work of a new threat actor tracked as DEV-0322, which Microsoft described as “a group operating out of China, based on observed victimology, tactics, and procedures.”
The USCYBERCOM also stressed the importance of patching vulnerable Confluence servers as soon as possible: "Please patch immediately if you haven’t already— this cannot wait until after the weekend."
Researchers from Rapid7’s IntSights revealed that underground criminals are selling unauthorized access to compromised enterprise networks for up to $10,000.
Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens.
The Dallas Independent School District (Dallas ISD) has disclosed a data breach exposing sensitive personal data belonging to students and employees enrolled or employed since 2010.
While Microsoft fully patched these vulnerabilities in May, technical details regarding exploiting the vulnerabilities were recently released, allowing threat actors to start using them in attacks.
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant.
As first noticed by security researcher vx-underground, an alleged member of the Babuk group released the full source code for their ransomware on a popular Russian-speaking hacking forum.
Artica Proxy VMWare Appliance versions 4.30.000000 SP273 and below suffer from a path traversal vulnerability.
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database show more ...
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the show more ...
OpenSIS version 8.0 suffers from a local file inclusion vulnerability via a path traversal.
Remote Mouse version 4.002 suffers from an unquoted service path vulnerability.
jforum version 2.7.0 suffers from a persistent cross site scripting vulnerability.
This whitepaper discusses BRAKTOOTH, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.
Windows Defender Application Guard suffers from a denial of service vulnerability when fed an overly long url.
Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "moderate confidence" to a
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the
