Mobile apps that handle confidential user information should run in a trusted environment — and were talking about more than just banking apps. Aside from money, cybercriminals also seek out loyalty program points, discount cards, cryptocurrency wallets, and more. The creators of such apps can never know how show more ...
It seems Nikolas Sharp undertook to put about $2m into his pocket via a data theft and extortion effort, with a twist of “whistleblower” claims thrown in to confuse investigators for self-exoneration.
Microsoft revealed that its Digital Crimes Unit won court approval to take over websites used by a Chinese gang to attack targets globally – often by exploiting vulnerabilities in Microsoft products.
A total of four local file disclosure vulnerabilities were discovered by security researchers from Bishop Fox in version 20.04.0 of CATIE Web. The latest version of the application is 21.06.0.
LogDNA announced that cybersecurity investment and advisory firm NightDragon will lead a $50m Series D funding round, with participation from existing investors Emergence and Initialized Capital.
Fortinet researchers observed numerous payloads attempting to leverage the CVE-2021-36260 vulnerability to probe the status of devices or extract sensitive data from victims.
The new sandboxing technology in Firefox called RLBox prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks."
SPAR has been forced to close some of its convenience stores in the UK after a cyber-attack on its IT systems. The incident occurred on Sunday and is being investigated by Lancashire Police.
The threat and the impacts are shared: our adversaries target everyone and cybercriminals ransom and hold hostage our businesses, and threaten critical infrastructure relied upon by millions.
Threat actors have abused a legitimate feature of the Google Tag Manager service to secretly add and deploy malicious JavaScript code to more than 300 e-commerce stores since March this year.
Many employees reported anti-work messages sent to the printers of their organizations. The messages encourage workers to protect their rights, discuss their pay with coworkers, and demand better pay.
Twitter verified accounts are now being targeted as part of a large phishing attempt that takes advantage of Twitter’s removal of the verified badge from numerous verified profiles.
The funding round was led by StepStone Group, with participation from existing investors Ten Eleven Ventures, Main Sequence Ventures, Reinventure, Our Innovation Fund, and Turnbull & Partners.
One year after the discovery of the 2021 SolarWinds supply chain compromise, security researchers report two clusters of suspected Russian attack activity targeting global businesses and governments.
Taiwanese hardware vendor QNAP has released a new security advisory today warning users that a new strain of crypto-mining malware is targeting its network-attached storage (NAS) devices.
Flaws in Eltima have been unwittingly inherited by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine. It could provide attackers a path to perform an array of malicious activities.
Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.
The state-sponsored hackers have compromised the email accounts belonging to French organizations and used them to orchestrate spear-phishing campaigns aimed at foreign institutions.
Microsoft has always been the target of phishing attacks. A new wave of phishing attacks is using fake Office 365 notifications with an aim to steal victims’ Microsoft credentials.
GitGuardian raised $44 million in Series B funding, bringing the total funds raised to $56 million. The round was led by Eurazeo, with participation from Sapphire, Balderton, BPI, and Fly Ventures.
DoppelPaymer hijacks ProcessHacker and exploits KProcessHacker to kill a list of processes, including both antivirus (AV) and endpoint detection and response (EDR) applications.
Iowa State University and the University of Illinois at Urbana-Champaign will lead a coalition of industry and government partners to train professionals to grow the Midwest's cybersecurity workforce.
Red Hat Security Advisory 2021-4975-02 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2021-4971-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5179-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or show more ...
Ubuntu Security Notice 5178-1 - Sjoerd Job Postmus and TengMA discovered that Django incorrectly handled URLs with trailing newlines. A remote attacker could possibly use this issue to bypass certain access controls.
Red Hat Security Advisory 2021-4969-03 - Mozilla Thunderbird is a standalone mail and newsgroup client.
Red Hat Security Advisory 2021-4953-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2021-4954-04 - Mozilla Thunderbird is a standalone mail and newsgroup client.
Ubuntu Security Notice 5170-1 - A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.3.32 in Ubuntu 20.04 LTS and to 10.5.13 in Ubuntu 21.04 and Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
Red Hat Security Advisory 2021-4933-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Ubuntu Security Notice 5142-2 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced regressions in name mapping and backups.
Red Hat Security Advisory 2021-4932-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2021-4946-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is
Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group it pursues as Nickel, and by the wider cybersecurity industry under the
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable
Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are being tracked by Mandiant under two
Once again video has leaked from inside the UK Government that has put it in hot water.
Supermarket chain Spar has had more than 300 of its convenience stores in the UK affected by a ransomware attack, which has forced some to close their doors or only accept cash payments.
