By comparison, a phishing attack makes sense: Click a link, land on a malicious page, enter some details, and an attacker steals them. Try this one on for size, instead: Click a link and an attacker steals your data. That’s right, today we’re talking about malicious pages that exploit a fundamental CPU show more ...
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since show more ...
A Russian national who operated two infamous cybercrime forums has been extradited from the US back to his homeland of Russia in a rare and uncharacteristic move from US officials.
According to Jo Coscia, the security researcher who discovered the issue while using a trial version of pcTattleTale, the company uploads the screenshots to an unsecured AWS bucket.
Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data.
Japan's new national cyber-security policy names China, Russia, and North Korea as sources of heightened threat. It also calls for Japan's Self Defence Force to increase its digital capabilities.
Fraudsters behind these illegal call centers used VoIP (Voice over Internet Protocol) phone numbers to hide their locations while scamming thousands of foreign investors.
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser and view, change, or delete data.
The Department of Justice (DoJ) on Monday revealed that Virgil Griffith, a US citizen resident in Singapore, hatched plans in 2018 to help an individual in North Korea mine cryptocurrency.
Lower Hutt-based technology retailer Aquila Technology has confirmed the company has been affected by a data breach, which may have compromised customers’ personal and credit card information.
True security comes from looking at IT systems as hackers would and implementing heavy protection at the most vulnerable points of these systems – the points most attractive to infiltrators.
A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as admin. Tracked as CVE-2021-40981, the vuln has not yet received a CVSS score.
While 2FA can improve upon the use of passwords alone to protect our accounts, threat actors were quick to develop methods to intercept OTP, such as through malware or social engineering.
A CNP transaction occurs when a sale is made without the customer physically presenting their credit card to the merchant, and when it turns out to be fraudulent, the liability lies with the merchant.
Akamai Technologies has acquired Guardicore to enhance the content delivery network (CDN's) cybersecurity portfolio. Akamai will pay roughly $600 million to acquire all outstanding Guardicore equity.
Private proof-of-vaccination app Portpass exposed personal information, including the driver's licenses, of what could be as many as hundreds of thousands of users by leaving its website unsecured.
Tracked as CVE-2021-26084 (CVSS score: 9.8), it is an OGNL injection vulnerability that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.
According to Unit 42, 63% of third-party code templates used in building cloud infrastructure contained insecure configurations. 96% of third-party container apps contain known vulnerabilities.
Google researchers highlighted a new threat in the form of OpenSUpdater used by cybercriminals who are targeting people prone to downloading cracked versions of games and other popular software in the U.S. However, Microsoft thinks attackers wouldn't be infecting devices via this technique and underlined that Microsoft Defender Antivirus detects and removes OpenSUpdater.
Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see a unique Apple URL with the owner’s message. This feature can be abused to redirect to a phishing page.
In a tactic to pressure victims into paying up, the lesser-known Karma ransomware group was discovered communicating with journalists about the victims. The attackers claimed to have stolen a few terabytes of internal data from a medical device-making firm. Organizations are recommended to increase staff awareness about phishing attacks, create offline backups, and monitor large file uploads.
Several recent phishing campaigns have attempted to deliver a variant of the Dridex banking trojan that is named as DoppelDridex, via payloads staged on Slack and Discord CDNs.
Proofpoint has observed nearly 20 notable campaigns distributing thousands of messages targeting Italian organizations this year, which equals 80% of the number of similar campaigns in 2020.
Forensic evidence of this active Android Trojan attack, which Zimperium researchers have named GriftHorse, suggests that the threat group has been running this campaign since November 2020.
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem to likely lure victims into fraudulent transactions.
Most of the organizations believe they are doing a good job managing subsidiary risk, yet 67% said their organization had experienced a cyberattack where the attack chain likely included a subsidiary.
FormBook creators did some rewrites on the original exploit, which was based on the code disclosed by Trend Micro and Microsoft to protect JavaScript code from being reverse-engineered.
Google has launched a new development program targeting the Tsunami Security Scanner, an internal Google tool that was open-sourced in July 2020 and made available to the public.
The potentially compromised data included the full names, addresses, dates of birth, and SSNs of an unspecified number of employees, according to an updated statement by Navistar on the breach.
Multiple security vulnerabilities in open source status page system Cachet could allow an attacker to execute arbitrary code and steal sensitive data, researchers have warned.
Red Hat Security Advisory 2021-3642-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Pet Shop Management System version 1.0 suffers from a remote shell upload vulnerability.
Ubuntu Security Notice 5092-2 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the show more ...
Mitrastar GPT-2541GNAC-N1 suffers from a privilege escalation vulnerability that provides root privileges.
Google's Extensible Service Proxy suffers from a header forgery vulnerability.
Ubuntu Security Notice 5094-1 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or show more ...
Storage Unit Rental Management System version 1.0 suffers from a remote shell upload vulnerability.
Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could show more ...
WordPress Redirect 404 to Parent plugin version 1.3.0 suffers from a cross site scripting vulnerability.
WordPress Select All Categories And Taxonomies plugin version 1.3.1 suffers from a cross site scripting vulnerability.
OpenSIS version 8.0 suffers from a cross site scripting vulnerability.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. It was originally written by Google and open sourced in July of 2020.
Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021.
Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit using a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux
A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from
Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately. A new guide by XDR provider Cynet (download here) looks to
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino,
Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! Infrastructure secrets are a major security liability for today’s businesses. Learn the scope and complexity of the secrets management problem with 1Password’s free research report. show more ...
A US cryptocurrency expert has pleaded guilty to conspiring to assist North Korea in evading sanctions, and could now face years in prison. Read more in my article on the Hot for Security blog.
