Microsoft has reported a zero-day vulnerability, designated CVE-2021-40444, whose exploitation enables remote execution of malicious code on victims' computers. Worse, cybercriminals are already using the vulnerability to attack Microsoft Office users. Therefore, Microsoft is advising Windows network administrators to employ a temporary workaround until the company can deploy a patch.

CVE-2021-40444 details
The vulnerability is in MSHTML, Internet Explorer's engine. Although few people use IE these days (even Microsoft strongly recommends switching to its newer browser, Edge), the old browser remains a component of modern operating systems, and some other programs use its engine to handle Web content. In particular, Microsoft Office applications such as Word and PowerPoint rely on it.

How attackers are exploiting CVE-2021-40444
The attacks appear as embedded malicious ActiveX controls in Microsoft Office documents. The controls enable the execution of arbitrary code; the documents most likely arrive as e-mail attachments. As with any attached document, attackers have to persuade victims to open the file. In theory, Microsoft Office handles documents received over the Internet in Protected View or through Application Guard for Office, either of which can prevent a CVE-2021-40444 attack. However, users may click the Enable Editing button without pausing to think, thus disarming Microsoft's security mechanisms.
[Image: Protected View mode notification in Microsoft Word.]

How to protect your company from CVE-2021-40444
Microsoft has promised to investigate and, if necessary, release an official patch. That said, we do not expect a patch before September 14, the next Patch Tuesday. Under normal circumstances, the company would not announce a vulnerability before the release of a fix, but because cybercriminals are already exploiting CVE-2021-40444, Microsoft recommends employing a temporary workaround immediately. The workaround involves prohibiting the installation of new ActiveX controls, which you can do by adding a few keys to the system registry. Microsoft provides detailed information on the vulnerability, including a Workarounds section (in which you can also learn how to disable the workaround once you no longer need it).
According to Microsoft, the workaround should not affect the performance of ActiveX controls already installed. For our part, we recommend:
- Installing a security solution at the corporate mail gateway level, or enhancing Microsoft Office 365's standard security mechanisms, to protect corporate mail from attacks;
- Equipping all employee computers with security solutions capable of detecting vulnerability exploitation;
- Raising employee awareness of modern cyberthreats on a regular basis, and in particular reminding them never to open documents from untrusted sources, much less turn on editing mode unless absolutely necessary.
Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the "MSHTML" component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. IE has been slowly abandoned for more recent Windows browsers like Edge, but the same vulnerable component is also used by Microsoft Office applications for rendering web-based content. "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine," Microsoft wrote. "The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." Microsoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw. One of the researchers credited, EXPMON, said on Twitter that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10. "The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous)," EXPMON tweeted. Windows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly "Patch Tuesday" bundle of security updates. This year has been a tough one for Windows users and so-called "zero day" threats, which refers to vulnerabilities that are not patched by current versions of the software in question and are being actively exploited to break into vulnerable computers. Virtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base.
In fact, by my count May was the only month so far this year that Microsoft didn’t release a patch to fix at least one zero-day attack in Windows or supported software. Many of those zero-days involve older Microsoft technologies or those that have been retired, like IE11; Microsoft officially retired support for Microsoft Office 365 apps and services on IE11 last month. In July, Microsoft rushed out a fix for the Print Nightmare vulnerability that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users. On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. And of course in March, hundreds of thousands of organizations running Microsoft Exchange email servers found those systems compromised with backdoors thanks to four zero-day flaws in Exchange.
What will it mean to secure the "new normal" after the COVID pandemic has receded? In this spotlight edition of the podcast, Cathy Spence, a Senior Principal Engineer at Intel, joins us in The Security Ledger Podcast studios to talk about what that new normal will look like. For Cathy, the future looks a lot like the COVID-influenced...
A new malware family dubbed PrivateLog was found to be using the Common Log File System (CLFS) to stay under the radar, and it uses another malware, StashLog, as its installer. PrivateLog and StashLog have slightly contrasting methods for delivering other malicious payloads. The security agency recommends scanning EDR logs for IOCs in events carrying the keywords 'process', 'imageload', or 'filewrite'.
"These attacks could serve as preparations for influence operations such as disinformation campaigns connected with the parliamentary election," a Foreign Ministry spokeswoman told reporters in Berlin.
The SEC adds, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam."
A spear-phishing campaign by the FIN7 group was spotted using Windows 11 Alpha-themed Word maldocs, containing heavily obfuscated VBA macros, against a PoS service provider in the U.S. The document claims to have been created with a new OS and fools some users into believing there is a compatibility problem. Security professionals are advised to stay alert and keep sharing the latest IOCs to ensure protection against this threat.
Research by Sophos discovered that a network of websites is acting as a DaaS. The service is relatively cheap, and some of the sites charge as little as $2 for 1,000 malware installs.
The operators behind the REvil ransomware group have resurfaced after allegedly closing shop following the widespread attack on Kaseya that affected thousands of victims on July 4.
"WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors," ProPublica claims.
Users are encouraged to update the affected product quickly: Ribbonsoft dxflib, version 3.17.0. Talos tested and confirmed that this version of the library could be exploited by this vulnerability.
Today, companies can't avoid ransomware threats. Eventually, attackers will get into an enterprise system. The goal then becomes to detect ransomware before it encrypts and exfiltrates business data.
On Friday, PeduliLindungi became the second COVID-19 tracking app in the country within the span of one week, after eHAC, to have suffered a data leak, affecting an unknown number of people.
As cryptocurrency becomes increasingly mainstream, owned by a growing number of both businesses and individuals, its value to cybercriminals will continue to grow in parallel.
Healthcare accounted for nearly a quarter of the reported data breaches, the highest share of any sector, with over 29 million individual patient records stolen in 2020 in the US alone.
The game hit a snag over the weekend after a bug caused the usernames and passwords for both the production and staging database servers to be included in prize redemption emails sent to prize winners.
Tracked as CVE-2021-40346, the Integer Overflow vulnerability has a severity rating of 8.6 on the CVSS scoring system and has been rectified in HAProxy versions 2.0.25, 2.2.17, 2.3.14, and 2.4.4.
The technique uses “binary visualization” libraries to transform the markup and code of web pages into images. Using this method, they created a dataset of legitimate and phishing images of websites.
"Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats," the managing director of The Aerospace Corp UK said.
Websites of a number of financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyber attack.
AnaCap, a specialist mid-market private equity investor in technology-enabled financial services, today announces a majority investment in WebID, a leading German digital identification provider.
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.
The newly discovered Android 888 RAT has been used by the Kasablanka group and by BladeHawk. Both of them used alternative names to refer to the same Android RAT – LodaRAT and Gaza007 respectively.
Last month, experts identified a severe zero-day RCE exploit aimed at SolarWinds Serv-U FTP software. Researchers have now linked a limited and highly targeted attack on SolarWinds with a Chinese actor dubbed DEV-0322. Flaws in SolarWinds products have been exploited by Chinese threat actors before. SolarWinds has already released an advisory, which should be implemented as soon as possible.
The personal details of more than 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital have been stolen by a hacker, hospital director Thirachai Chantharotsiri said on Wednesday.
"We are taking action to protect the concerned individuals," a spokesperson for Texas Right to Life told TechCrunch, referring to those who "sought and circulated the information."
Victims are tempted by the promise of a considerable amount of cryptocurrency. Cashing out the full balance requires them to deposit some Bitcoin to the platform, which is the point of the scheme.
Residents of Bridgeport have been notified that the city government was hacked in late May of this year. A letter to residents said city IT systems were encrypted in a ransomware attack.
AT&T's Alien Labs has sounded the alarm on a malware campaign from TeamTNT which has gone almost entirely undetected by anti-virus and which is turning target devices into cryptocurrency miners.
Ubuntu Security Notice 5068-1 - It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Various other issues were also addressed.
Ubuntu Security Notice 5067-1 - Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
Ubuntu Security Notice 5066-1 - Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents.
Ubuntu Security Notice 5065-1 - It was discovered that Open vSwitch incorrectly handled decoding RAW_ENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.
Ubuntu Security Notice 5064-1 - Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2021-3471-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2021-3454-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.2 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.
Red Hat Security Advisory 2021-3447-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2021-3446-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3438-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2021-3441-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5062-1 - Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.
Red Hat Security Advisory 2021-3444-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3445-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3443-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3442-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3439-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to provide news, two of which were aimed at Android users while the other
Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to
The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors.
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the Integer Overflow vulnerability
I hate to give advice to those who work for cybercrime gangs, but maybe - if they care about their liberty - they should think long and hard before making any international travel plans. Read more in my article on the Hot for Security blog.