U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations.

Image caption: FBI agents entering PAX Technology offices in Jacksonville today. Source: WOKV.com.

Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla.-based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse.

In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS). The FBI has not responded to requests for comment.

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company’s payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information.

“FBI and MI5 are conducting an intensive investigation into PAX,” the source said. “A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers.”

KrebsOnSecurity reached out to PAX Technology’s CEO on Sunday. The company has not yet responded to requests for comment.

The source said two major financial providers — one in the United States and one in the United Kingdom — had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources.

“My sources say that there is tech proof of the way that the terminals were used in attack ops,” the source said. “The packet sizes don’t match the payment data they should be sending, nor does it correlate with telemetry these devices might display if they were updating their software. PAX is now claiming that the investigation is racially and politically motivated.”

The source was unable to share specific details about the strange network activity that prompted the FBI’s investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals. It is not uncommon for payment terminals to be compromised remotely by malicious software and made to collect and transmit stolen information. Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target, Home Depot and elsewhere that led to the theft of roughly another 100 million cards.

Even if it were publicly proven today that the company’s technology was in fact a security risk, my guess is few retailers would be quick to do much about it in the short run. The investigation into PAX Technology comes at a dicey time for retailers, many of whom are gearing up for the busy holiday shopping season. What’s more, global computer chip shortages are causing lengthy delays in procuring new electronics.
The Groove ransomware gang, which allegedly began growing after Babuk shut down, has made a public appeal in a blog post to other ransomware groups to unite against U.S. targets. The post, written in Russian, also tells all the gangs to avoid targeting Chinese companies. U.S. companies should take note of this threat and prepare accordingly.
Gemini Advisory found the FIN7 group creating fake cybersecurity companies to recruit pentesters for executing malware and ransomware attacks on targeted networks. During the hiring process, the attackers offer applicants multiple tools for practice assignments, including some post-exploitation toolkits. People looking for job opportunities should stay cautious of similar attempts and research a firm properly before applying.
Facebook last week filed a lawsuit against a Ukrainian national who allegedly scraped the information of 178 million of its users and then sold the obtained information on hacker forums.
According to researchers, although the malware collects and sends system information to a C2 server, one of its most notable additions is the ability to bypass Apple’s Gatekeeper security feature.
This year, researchers and cybersecurity firms claimed to have discovered the highest number of zero-days under active exploitation. As per recent data, at least 66 zero-days have been found in use this year.
“We are looking for a buyer to access the network of this organization and sell data from their network,” reads the message inserted into multiple recent victim listings on Conti’s blog.
A team of security researchers at Huntress discovered a critical security vulnerability in multiple versions of BillQuick Web Suite, a time and billing system from BQE Software.
The fake apps researchers found feature a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among others.
Jeremy Fleming, the director of GCHQ, said that Britain had seen a significant uptick in ransomware attacks and that the government was looking to use offensive operations to deter future attacks.
Customer data that may have been compromised was limited to name and contact details, said the company, adding that no credit card information and passwords were exposed.
The Australian Federal Police is conducting an internal review to implement a new cyber offensive arm, AFP commissioner Reece Kershaw said at Senate Estimates on Monday morning.
A cybersecurity researcher at ESET, Lukas Stefanko, discovered that the app ‘Squid Wallpaper 4K HD’ contains a notorious ‘Joker’ malware which is being used to infect Android devices.
According to reports in local media and posts on social networks, the cyberattack caused NIOPDC gas stations to show the words “cyebrattack 64411” on their screens earlier in the morning.
The OP code will be applicable to organizations that provide social media services, data brokerage, and any online platform that has had over 2,500,000 unique visitors from Australia in the past year.
The latest incident started on Monday and promptly disrupted all of the operator’s VoIP, broadband, fixed line phone and other connectivity services, causing frustration for its customers.
This Series E funding round of Devo was led by TCV, with participation from General Atlantic, Eurazeo, Bessemer Venture Partners, Insight Partners, Georgian, and Kibo Ventures.
Multiple ransomware gangs have weaponized and are abusing a zero-day in EntroLink VPN appliances after an exploit was released on an underground cybercrime forum at the start of September 2021.
Different approaches provide different levels of security, but one thing they have in common is that they need to instill the appropriate level of trust that they will keep the private key private.
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser.
Like most businesses, ransomware gangs appreciate efficiency. Ransomware attacks are often low in complexity and highly lucrative. Attackers can put in relatively little effort and get a huge payoff.
The gang has been active since at least 2020 and has hit organizations from various industries. The attack vector most used by the ransomware operators is brute-force attempts against RDP endpoints.
It provides threat actors with an initial foothold that can be used to facilitate further compromise or other malware infections depending on how attackers choose to attempt to monetize their access.
According to a survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months.
While the TTPs of some threat actors remain consistent over time, relying heavily on social engineering to target organizations or individuals, others refresh their toolsets and extend their scope.
The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News reported.
Sonrai plans to use new funding to accelerate research and development and expand sales and marketing globally for the company’s industry-leading cloud security platform.
Researchers at Texas A&M University and the University of Florida discovered Gummy Browsers, a new fingerprint-capturing and browser-spoofing attack. This attack technique can be leveraged to bypass 2FA on authentication systems. While security analysts and experts work toward addressing such threats, users must pay attention to suspicious activity in their digital profiles/accounts.
After Internet Explorer, Magnitude Exploit Kit has been observed infecting Chromium-based browsers running on Windows OS in a series of attacks. It abuses two flaws: the first one is a remote code execution issue and the other is a privilege escalation bug. Researchers recommend ensuring timely patches and software updates.
Red Hat Security Advisory 2021-4000-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 5009-2 - USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10. Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that libslirp incorrectly handled certain UDP packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. Various other issues were also addressed.
Red Hat Security Advisory 2021-3934-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.4.
Red Hat Security Advisory 2021-3988-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Ubuntu Security Notice 5122-2 - USN-5122-1 fixed a vulnerability in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. On Ubuntu 16.04 ESM, this update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. On Ubuntu 14.04 ESM, core file generation has been disabled by default. Various other issues were also addressed.
Red Hat Security Advisory 2021-3987-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
Ubuntu Security Notice 5124-1 - It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2021-3982-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent or knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo
Facebook is suing a Ukrainian man for allegedly stealing the data of more than 178 million users, and then selling it on an underground cybercrime forum. Read more in my article on the Hot for Security blog.
The Conti ransomware gang is outraged that the United States appears to have hacked into the REvil ransomware gang's infrastructure, and knocked it offline...
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […] The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.