This week on the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I head to Australia. Turns out the app our friends down under use for their COVID passports is spoofable — and the researcher who found it has been ghosted by government officials he reached out to. From there, we jump into the world of gangs show more ...
With information technologies inseparable from modern society, the importance of cybersecurity is growing, and therefore, trust has never been more important. Clients and partners of companies working in the field of information security need to understand who is involved in protecting their confidential data, what show more ...
TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. While many companies have been laying off show more ...
Security researchers at NCC Group’s Research Intelligence and Fusion Team (RIFT) noted a 288% surge in ransomware threats in the first half of the year. Conti ransomware accounted for nearly 22% of ransomware leaks between April and June.
ACSC reported a 13% jump in cybercrime in the past year, with about one in four incidents targeting critical infrastructure and services as WFH made more people vulnerable to online attacks.
An advance fee fraud scheme was spotted approaching cryptocurrency users (via email) and convincing them to transfer a small BTC amount. The attackers behind these campaigns are targeting tech-savvy individuals, who are skilled at handling their digital wallets, via emails. Crypto investors and users are suggested to avoid any shortcut to acquire BTC or any other cryptocurrency.
Sophos laid bare details about dropper-as-a-service that leverages top search results for malicious applications on victims’ systems to drop malware payloads. Some services were charging just $2 for 1,000 malware installs via droppers. Security agencies are suggested to keep an eye on such budding criminal services and take appropriate defense measures.
The impacted products include Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word, and Access; the kernel, Visual Studio, Microsoft Windows DNS, and BitLocker.
Krita has become the latest victim of ransomware. But rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue.
Before joining CISA as chief of staff, Todt served as managing director of the non-profit Cyber Readiness Institute (CRI). She also served as president and managing partner at Liberty Group Ventures.
The company also announced the acquisition of VisibleRisk, a cyber risk ratings venture created by Moody’s and Israel-based cybersecurity think tank and venture creation foundry Team8.
Users of Azure who are running Linux virtual machines may not be aware they have a severely vulnerable piece of management software installed on their machine by Microsoft.
Switzerland’s national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (~$271,000) for critical vulnerabilities identified in a future digital voting system.
Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.
Maura Healey, the attorney general, plans to investigate whether the Bellevue, Washington-based company had proper safeguards to protect customers' personal information and mobile devices.
This indicates that many firms are not prioritizing their data security and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years.
The warnings are part of the firm’s September monthly security update, which this month addresses 59 bugs found in 15 of its products, including in Photoshop, Premiere Elements, ColdFusion and InCopy.
Researchers noted that the leak site and other sites connected to the REvil ransomware group are back online, suggesting the group’s resurgence after it disappeared following the Kaseya attack. It is also suggested that the threat actor's servers could have been turned on by mistake or due to the actions of law enforcement.
KrebsOnSecurity is often the target of disgruntled cybercriminals and has now been targeted by a large botnet. The website was subject to an assault by the "Meris" botnet on Thursday evening.
ESET researchers stumbled across BladeHawk, a mobile espionage campaign, aimed at the Kurdish ethnic group. Active since March 2020, attackers use Facebook and fake Android apps to trick users. Experts recommend avoiding downloading apps from unknown sources and using anti-malware software to stay protected.
More cybercriminals are now seeking direct cloud account access in underground marketplaces as we witness a rapid shift to cloud-based infrastructure. Today, the dark web forums are rife with admin accounts of Azure, Amazon AWS, and Google Cloud, indicating that businesses now face a greater threat than ever before.
RiskIQ researchers recently unraveled a large part of the infrastructure used by Magecart Group 8 and how they migrated to different hosts in particular Flowspec and OVH over time.
Desert Wells Family Medicine says it is attempting to reconstruct thousands of patients' health records following a May ransomware attack that badly corrupted the records as well as backup data.
An examination by a researcher revealed security shortcomings that might be combined and abused to either bypass authentication mechanisms or used as part of phishing attacks.
The top three tactics attackers have been using to break into corporate and government networks are brute-force attacks, unpatched vulnerabilities, and social engineering via malicious emails.
Neosec announced its Series A fundraise from True Ventures, New Era Capital Partners, TLV, and SixThirty in addition to Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar, and Shailesh Rao.
Cisco Talos recently discovered a use-after-free vulnerability (CVE-2021-21798) in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.
A top-ranking FBI official on Tuesday said the federal agency has seen no evidence that the Russian government has moved against notorious ransomware gangs operating on its soil.
Ransomware actors are trying to exploit the adoption of new digital and complex technologies in the global food supply chain. A new alert issued by the FBI highlights that organizations in the food and agriculture sector have come under the active radar of ransomware gangs. Such risks can only be reduced by timely show more ...
Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, are all charged with having broken federal laws related to computer fraud and export regulations, the Department of Justice announced Tuesday.
Although the pandemic is not over, as the world opens up borders and the vaccines slow down the spread of the virus, people who have been cooped up at home are eager to travel.
Researchers at NC State created a toolkit dubbed iTimed, which builds atop an open-source reimplementation of the "unpatchable" checkm8 boot ROM vulnerability first disclosed back in September 2019.
StrongDM today announced that it raised $54 million in Series B round led by Tiger Global, with participation from GV, Sequoia Capital, True Ventures, HearstLab, Bloomberg Beta, and Godfrey Sullivan.
It said that it has resolved the underlying problem with a series of security patches, adding that users should consider making changes to their passcodes and authentication tokens as a precaution.
Threat actors impersonated the USDOT in a phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate.
Some of the vulnerabilities have already been patched by Siemens, while others are in the process of being fixed. Meanwhile, workarounds and/or mitigations are also available.
The data exposure potentially affects the personal information of millions of people who used — or continue to use — Walgreens’ Covid-19 testing services over the course of the pandemic.
SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products.
Data breach incidents owing to misconfigured Firebase databases continue to escalate despite multiple warnings in the past to secure these with passwords. It appears that Firebase administrators have failed to follow the protocols and sensitive user data can still be found online. Some of the recommended measures to show more ...
In the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead to boost security.
On Tuesday, cybersecurity researcher Randy Westergren discovered a pre-authentication RCE security flaw and the means to obtain a full root shell of the Motorola Halo+, a popular baby monitor.
elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of show more ...
Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue show more ...
Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled show more ...
Red Hat Security Advisory 2021-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Red Hat Security Advisory 2021-3547-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
Support Board version 3.3.3 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2021-3488-01 - Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services. The Neutron API supports extensions to provide advanced network capabilities.
AHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2021-3487-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).
Evolution CMS version 3.1.6 authenticated remote code execution exploit.
Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Ubuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Remote command execution exploit for Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 which have a web interface called AlphaWeb XE that allows for a remote shell upload.
Ubuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated
The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question — Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 — are accused of "knowingly and willfully combine, conspire, confederate, and
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Have you signed-up for your free ticket for Predict 21 yet? It’s the virtual event where intelligence analysts, network defenders, and cybersecurity executives will join together show more ...
