The onset of COVID-19 accelerated the growth of the digital nomad. No longer just for bloggers and influencers, the global workforce is becoming more highly connected and widely dispersed. As workforces become more globally linked, businesses large and small need to protect themselves from evolving threats.

Employees represent the first line of defense against malicious vectors that attempt to compromise your organization's information technology infrastructure through common access points. With approximately 1 in 10 malicious sites hosted on a benign domain, could you spot the difference? Being aware is the first step towards protecting your business. Security awareness training (SAT) can help.

What is Security Awareness Training?

Security awareness training is a proven, knowledge-based approach to empowering employees to recognize and avoid security compromises while using business devices. Through a series of effective delivery modules, SAT provides employees with relevant information and knowledge on topics like social engineering, malware, compliance and information security. Effective security awareness training can significantly boost your organization's security posture. Simply put, this type of training empowers your team to remain vigilant against cyber scams or attacks that prey on human error.

Why Webroot?

Webroot® Security Awareness Training offers your business an easy-to-implement training program that helps to reduce the risk of security breaches. Through a series of simulations based on real-world attacks, employees gain the know-how to spot common scams, including phishing attempts that could wreak havoc on your IT infrastructure. Webroot's training has been recognized as a Strong Performer in The Forrester Wave: Security Awareness and Training Solutions category. Our industry-first, global management features allow you to spend less time deploying our solution and more time reaping the benefits for your business. Here's why Webroot® Security Awareness Training adds value:

Proven efficacy. With computer-based training, your employees will be able to drastically reduce the odds of clicking on a malicious link within a short period of time.

Relevant, current and effective training. Experience over 120 courses at one inclusive rate. Course topics include cybersecurity, phishing and the General Data Protection Regulation (GDPR). Webroot has 85 micro-learning modules that can be completed in 10 minutes or less. With multiple media formats, extend your reach with infographics, videos and posters.

Fully customizable phishing simulator. Over 200 real-world templates for everyday scenarios, including shipping alerts, vendor invoices, missed delivery, human resource policy changes, account lockout, critical software updates and more.

Trackable campaigns. Successfully monitor and track your employees' success within a built-in learning management system (LMS). The LMS automatically keeps track of participation, sends reminders and schedules reports for review. Reports can be shared with management to show progress and accountability.

Give your employees the know-how to combat cyber threats

To reduce infections, cut downtime and ensure your business remains resilient against evolving cyberattacks, security awareness training is a must. From compliance training to spotting phishing attacks, training is a critical element of developing and maintaining a robust cyber resilience posture. Maximize your ability to protect your business with security awareness training. Whether you're an enterprise, SMB or MSP, make security awareness training part of your regular cyber education routine. Prevent costly security breaches with Webroot® Security Awareness Training. To get started with a free trial, please visit https://www.webroot.com/ca/en/business/trials/security-awareness

The post Security awareness training: An educational asset you can't be without appeared first on Webroot Blog.
To start off this week's episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I talk cryptocurrency. Unlike most of our chats on the digital currency, we focus 146% on the criminal aspect of it. More accurately, our conversation centers on a new report of the nearly $400 million North Korea is alleged to have stolen in the past year. We have some fun going through the report, but we also discuss its implications. Staying in the world of cybercrime, we then discuss the further-ranging implications of an FBI honeypot operation that involved rather more anonymous phones than initially reported. Our third story heads over to Eastern Europe, where Russia's FSB has arrested members of the REvil gang after getting good intel from the FBI. This story has been a long time coming but is also somehow surprising. We then head to a weird story that might as well have come from The Quibbler. A lawsuit claims that Facebook, being free, is a monopoly. Of all the things to sue Facebook over! Ahmed and I have a bit of fun at David's expense with this story. We close out the podcast with a pair of stories discussing some more bad news for the world of NFTs. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

North Korean hackers stole nearly $400 million in crypto last year
The FBI's honeypot phones were more widely distributed in the U.S. than previously thought
Russia arrests REvil ransomware gang members, seize $6.6 million
Meta faces billion-pound class-action case
Gaming YouTubers have had their likenesses stolen and sold as NFTs
NFT group buys copy of Dune for €2.66 million, believing it gives them copyright
Cisco Talos unearthed a new malware campaign involving variants of three RATs, namely NetWire, Nanocore, and AsyncRAT, spreading via public cloud infrastructure. The attackers have used complex code and secured the malware using several layers of obfuscation. The campaign targets entities based in countries including the U.S., Italy, Singapore, and Canada.
A major crackdown on cybercriminals in Russia as authorities arrested members of the REvil group, infamous for a supply chain attack against Kaseya and a ransomware attack against JBS Foods. Police arrested 14 alleged members of the group by raiding 25 addresses in Moscow, St. Petersburg, and several regions. The world is looking at this crackdown as a major positive development toward curbing criminal activities by cyber adversaries.
eSentire analysts found GootLoader operators attacking three law firms and one accounting firm by luring them into downloading malicious business agreements and other documents. One of the hackers' malicious websites was found hosting 150 rogue pages for users searching for intellectual property and postnuptial agreements. The ultimate goal of GootLoader is supposedly to gather intelligence.
The CISA added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog, three of which need to be remediated by federal civilian agencies before January 24. The list contains known vulnerabilities in multiple products from various vendors, including Oracle, Hikvision, FatPipe, VMware, Palo Alto Networks, Fortinet, and IBM, among others. It is recommended to implement a proper patch management program for better protection so that patching is never missed.
Since Google and OpenSSF's July 2021 announcement of Scorecards V2, the Scorecards project has grown steadily to over 40 unique contributors and 18 implemented security checks.
The memo places the National Security Agency (NSA) in a role similar to the one the Cybersecurity and Infrastructure Security Agency (CISA) plays among federal civilian agencies.
In addition to their short lifespan, the malware has not been widely distributed in these campaigns — up to 100 devices were infected, including 40-45% ICS-related devices.
New research by WEF found that ransomware attacks rose by 151% in 2021. There were nearly 270 cyberattacks per organization, with each successful security breach costing a company over $3.6 million.
Tracked as CVE-2021-35247, the issue is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.
To evade detection and triggering security warnings, BHUNT is packed and heavily encrypted using Themida and VMProtect, two VM packers that hinder reverse-engineering and analysis by researchers.
In a new report, blockchain security firm CertiK noted that the most common vein of security problems in its 1,737 audits of decentralized finance (DeFi) projects last year was centralization itself.
The ICRC told ZDNet that it was not a ransomware attack, but in their statement, they said they were forced to shut down the systems underpinning a program called "Restoring Family Links."
Because the platform follows an approach of loose moderation, only censoring extremist content, cybercriminals find it reasonably easy to abuse it to promote their nefarious purposes.
While RRD initially said they were not aware of any client data stolen during the attack, on January 15th, the Conti ransomware gang began leaking 2.5GB of data allegedly stolen from RRD.
A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a German cybersecurity firm.
The FBI and other US agencies are looking to counter cyber threats through tools other than criminal indictments, the head of the FBI’s cyber division said in an interview with The Associated Press.
CISA is now urging business leaders and U.S. organizations to take the steps mentioned in the CISA Insights bulletin to prevent similar destructive attacks on their networks.
Cryptocurrency has long been a popular target for organized cybercriminals, whether stealing it outright from cryptocurrency exchanges, or demanding it as an extortion payment in ransomware attacks.
Cisco has fixed a critical security vulnerability discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing.
Experts claim that OceanLotus's campaign is actively using web archive files in its attacks, with each web archive file laden with a malicious Word doc. The malware collects different information, such as the network adapter, a list of system directories and files, the username and computer name, and checks other processes. Experts recommend organizations leverage the provided IoCs for detecting and preventing active attacks.
The NCSC urged businesses to do their part in protecting consumers and fighting scams, and the main way to achieve this is by making legitimate and fraudulent communications easier to discern.
Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.
Researchers from Cider Security discovered that the code review bypass risk was present even for organizations that had not enabled the recently introduced GitHub Actions feature.
The feature improves user security on the Internet with the help of Hardware-enforced Stack Protection, Arbitrary Code Guard (ACG), and Content Flow Guard (CFG), according to a Microsoft document.
A cyberattack that has knocked out parts of a council website has been linked to the work of Russian hackers. The Council became aware that its IT systems had been affected on 20 December last year.
ECRI named cyberattacks as the No. 1 health tech hazard, following the momentum over 2021 around patient safety risks posed by security incidents that can lead to healthcare delivery disruptions.
A report shared by Crowdstrike recently highlights the rising threats on Linux-based operating systems. Researchers noted that there has been a 35% rise in Linux-based malware in 2021 as compared to 2020.
Datto acquired threat detection and response company Infocyte, extending its security capabilities that protect, detect, and respond to cyber threats found within endpoints and cloud environments.
A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.
Earlier this week, Multichain, a platform that allows users to swap tokens between blockchains publicly announced that there was a flaw that made accounts vulnerable to hackers.
Biden's comments come after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack last week.
When it comes to cyber threats, insurers are increasingly finding themselves the victims of a merciless onslaught from data thieves, ransomware groups, hacktivists and even nation-states.
Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti).
Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software.
While the ever-evolving technological landscape has connected the IT and OT sides of the business, it has also left ICS networks exposed to threats impacting IT systems.
Red Hat Security Advisory 2022-0205-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter, allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.
Graudit is a simple script and set of signature sets that allow you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2022-0216-06 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.
Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5242-1 - It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.
Ubuntu Security Notice 5021-2 - USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations.
Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2022-0202-04 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Red Hat Security Advisory 2022-0191-03 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.
Red Hat Security Advisory 2022-0199-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Ubuntu Security Notice 5241-1 - It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5240-1 - William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2022-0190-04 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2022-0188-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2022-0114-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41.
Red Hat Security Advisory 2022-0186-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include heap overflow and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-0187-04 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include heap overflow and privilege escalation vulnerabilities.
A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a
A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with
Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charging their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both
To his victims he was "Tony Eden", a middle-aged white man looking for love online, while working overseas for a drilling company. But in reality he was a school caretaker called Osagie Aigbonohan, originally from Lagos, Nigeria, and part of a criminal gang with links to the notorious Black Axe group. Read more in my article on the Tripwire State of Security blog.
Carole's still on jury service, but the show must go on! We take a look at how some Tesla owners are at risk of having their expensive cars remotely hijacked, and why YouTubers are up in arms over NFTs. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.