Working with freelancers has long been routine for many managers. Even in a large organization, not every task can be handled within the team, not to mention small businesses, which usually cannot afford to hire an additional employee. But connecting an outsider to the digital workflow can introduce additional cyber risks, especially when you work with a person directly, without an intermediary agency.

Dangers in incoming e-mail

You should start thinking about potential threats when searching for the right freelancer. It is unlikely that you will hire someone without looking at their portfolio. A freelancer can send you a document, an archive with a set of works, or a link to a third-party site, and you will probably be forced to follow the link or open the file. But in fact, almost anything can be in that file or on that site. Researchers regularly discover vulnerabilities in browsers and office suites. More than once, attackers have managed to seize control of corporate computers by inserting malicious scripts into a text document or by embedding an exploit pack in website code. But sometimes such tricks are not even necessary: some employees are ready to click on a received file without looking at the extension and launch an executable.

Keep in mind that an attacker can show an absolutely normal portfolio (not necessarily of their own works) and send a malicious file later as the result of a task. Furthermore, someone can take control of a freelancer's computer or mailbox and use them to attack your company. After all, no one knows how their device or account is protected, and your IT security team has no control over what is happening there. You should not consider received files trusted even if they came from a freelancer with whom you have been working for years.

Countermeasures

If you need to work with documents created outside of the company infrastructure, maintaining digital hygiene is of the utmost importance. All employees should be aware of the relevant cyberthreats, so it is worth raising their level of security awareness. In addition, we can give some practical advice:

Set strict rules for document exchange, inform freelancers of them, and do not open files that do not comply with these rules. Self-extracting archive? No thanks.
An archive with a password that is specified in the same letter? That may only be needed to bypass e-mail antimalware filters.

Dedicate a separate computer, isolated from the rest of the network, or a virtual machine to work with files from external sources, or at least to check them. This way you can significantly reduce the potential damage in the event of an infection. Be sure to equip this computer or virtual machine with a security solution that blocks the exploitation of vulnerabilities and visits to malicious websites.

Access rights

Let's assume that you have found the external specialist you need. To collaborate on a project, freelancers often get access to the company's digital systems: file sharing platforms, project management systems, conferencing services, internal messengers, cloud services, and so on. Here you must avoid two mistakes: do not give the freelancer excessive rights, and do not forget to revoke access after the work is completed.

When it comes to granting rights, it is best to follow the principle of least privilege. A freelancer should only have access to those resources that are needed for the current project. Unlimited access to file storage, or even to chat histories, can pose a threat. Do not underestimate the information stored even in auxiliary services. According to media reports, the Twitter hack of 2020 began when attackers gained access to the organization's internal chat. There, using social engineering methods, they were able to convince a company employee to give them access to dozens of accounts.

Revocation of rights after the end of the project is also not a formality. We are not saying that, having completed the work, the freelancer will necessarily begin to hack your project management system. But the very existence of an additional account with access to corporate data is not a good thing. What if the freelancer set a weak password or reused the password from their other accounts?
In the event of a leak, there's an additional point of vulnerability in your corporate network.

Countermeasures

The most important thing is to delete or deactivate the freelancer's account after the end of the working relationship. Or, at the very least, change the associated e-mail address and password; this may be required in systems that delete all data associated with an account. In addition, we recommend:

Keeping a centralized record of who has access to which services. On the one hand, this will help you revoke all rights after the end of the project; on the other hand, it can be useful when investigating an incident.

Requiring contractors to maintain good digital hygiene and use security solutions (at least free ones) on the devices they use to connect to company resources.

Enforcing two-factor authentication in all cloud systems wherever possible.

Setting up a separate infrastructure for freelancers' and subcontractors' projects and files, if possible.

Scanning all files uploaded to the cloud storage or corporate server for malware.
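The "centralized record of who has access to which services" recommended above is easy to describe and easy to skip. The following is an added example, not code from the original article, of what such a register looks like in practice: every right handed to a contractor is recorded once, over-broad grants (unscoped access or admin roles) are flagged at grant time, the register produces the revocation checklist when the engagement ends, and it reports accounts whose project has already finished but that nobody closed. The contractor names, systems, scopes and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Added example: a minimal centralized access register for external parties.
# Names, systems, scopes and dates below are constructed for illustration.


@dataclass
class Grant:
    contractor: str
    system: str        # e.g. "file-share", "chat", "project-tracker"
    scope: str         # what the grant covers; "*" means everything in the system
    role: str          # "read", "write" or "admin"
    project: str
    project_end: date  # when the engagement is expected to finish
    active: bool = True


class AccessRegister:
    """One place that records every right handed to an external party."""

    def __init__(self):
        self.grants = []

    def grant(self, g):
        """Record a grant and return least-privilege warnings for the reviewer.

        Warnings do not block the grant; they make over-broad rights visible
        at the moment they are handed out instead of during an incident.
        """
        warnings = []
        if g.scope == "*":
            warnings.append(f"{g.contractor}: unscoped access to {g.system}")
        if g.role == "admin":
            warnings.append(f"{g.contractor}: admin role on {g.system}")
        self.grants.append(g)
        return warnings

    def offboarding_checklist(self, contractor):
        """Everything still active for a contractor: the revocation to-do list."""
        return [
            f"revoke {g.role} on {g.system} ({g.scope})"
            for g in self.grants
            if g.contractor == contractor and g.active
        ]

    def revoke_all(self, contractor):
        """Deactivate every grant of a contractor; return how many were closed."""
        closed = 0
        for g in self.grants:
            if g.contractor == contractor and g.active:
                g.active = False
                closed += 1
        return closed

    def stale_grants(self, today):
        """Active grants whose project already ended: accounts nobody removed.

        `today` may be a date or an ISO string such as "2022-03-01".
        """
        if isinstance(today, str):
            today = date.fromisoformat(today)
        return [g for g in self.grants if g.active and g.project_end < today]

    def who_has_access(self, system):
        """Answer 'who can reach this system?' during an investigation."""
        return sorted({g.contractor for g in self.grants if g.active and g.system == system})


def build_sample_register():
    """Constructed sample data: two contractors on two projects."""
    reg = AccessRegister()
    warnings = []
    warnings += reg.grant(Grant("alice", "file-share", "project:website-redesign", "write",
                                "website-redesign", date(2022, 1, 31)))
    # Unscoped chat access gets flagged: chat history is exactly the kind of
    # auxiliary data the article warns about.
    warnings += reg.grant(Grant("alice", "chat", "*", "read",
                                "website-redesign", date(2022, 1, 31)))
    warnings += reg.grant(Grant("bob", "file-share", "project:mobile-app", "write",
                                "mobile-app", date(2022, 6, 30)))
    return reg, warnings


if __name__ == "__main__":
    reg, warnings = build_sample_register()
    print("least-privilege warnings:", warnings)
    print("stale on 2022-03-01:", [(g.contractor, g.system) for g in reg.stale_grants("2022-03-01")])
    print("offboarding alice:", reg.offboarding_checklist("alice"))
    print("closed:", reg.revoke_all("alice"), "stale now:", reg.stale_grants("2022-03-01"))
```

Running the sample with a "today" of 2022-03-01 lists both of alice's grants as stale (her project ended on 31 January), which is precisely the forgotten-account situation the article describes; `revoke_all` then closes them and `who_has_access("file-share")` drops to bob alone. In a real deployment the register would be fed from the identity provider or from the services' own audit logs rather than by hand, but the questions it answers stay the same.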
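Returning to the document-exchange rules in the e-mail section above (no self-extracting archives, no archives whose password arrives in the same message, nothing that does not comply with the agreed rules), here is an added example, not code from the original article, of how those rules can be enforced mechanically before a file reaches anyone's desktop. It checks the extension against an allowlist, recognises a Windows executable by its MZ header regardless of the name (which covers renamed binaries and self-extracting archives), compares the content with what the extension promises, and looks inside ZIP archives for encrypted members and executables. The allowlist, the executable-extension list and the sample files are constructed assumptions; a real policy would be tuned to the file types a given project actually exchanges.

```python
import io
import zipfile
from dataclasses import dataclass

# Added example: a document-exchange policy check for files received from outside.
# The allowlist, the executable list and the sample files are constructed assumptions.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "zip"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "ps1", "js", "vbs", "msi", "jar"}
MAGIC = {"pdf": b"%PDF", "png": b"\x89PNG", "jpg": b"\xff\xd8\xff", "zip": b"PK\x03\x04"}


@dataclass
class Attachment:
    filename: str
    data: bytes


def extension(name):
    """Last extension, lowercased; 'portfolio.pdf.exe' yields 'exe'."""
    parts = name.lower().rsplit(".", 1)
    return parts[1] if len(parts) == 2 else ""


def inspect_zip(data):
    """Look inside an archive: encrypted members and executables violate the rules."""
    problems = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag: member is encrypted
                    problems.append(f"encrypted member '{info.filename}': a password sent with the archive only helps it past mail filters")
                if extension(info.filename) in EXECUTABLE_EXTENSIONS:
                    problems.append(f"archive contains executable '{info.filename}'")
    except zipfile.BadZipFile:
        problems.append("archive is malformed")
    return problems


def check_attachment(att):
    """Return the policy violations; an empty list means the file may be opened on the isolated machine."""
    problems = []
    ext = extension(att.filename)
    if ext not in ALLOWED_EXTENSIONS:
        problems.append(f"extension '.{ext}' is not on the allowlist")
    if att.data.startswith(b"MZ"):
        # Windows executable whatever the name claims: renamed binaries and
        # self-extracting archives both start with this header.
        problems.append("content is a Windows executable (MZ header)")
    expected = MAGIC.get(ext)
    if expected and not att.data.startswith(expected):
        problems.append(f"content does not look like a .{ext} file")
    if att.data.startswith(b"PK\x03\x04"):
        problems.extend(inspect_zip(att.data))
    return problems


def build_zip(members):
    """Constructed in-memory archive used for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a clean PDF, an executable renamed to .pdf, a double
# extension (the shape a self-extracting archive arrives in), an archive that
# smuggles an executable among images, and a clean archive.
SAMPLES = [
    Attachment("portfolio.pdf", b"%PDF-1.7\n%constructed sample\n"),
    Attachment("portfolio.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    Attachment("portfolio.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),
    Attachment("works.zip", build_zip({"works/logo.png": b"\x89PNG\r\n\x1a\n", "works/viewer.exe": b"MZ"})),
    Attachment("works.zip", build_zip({"works/logo.png": b"\x89PNG\r\n\x1a\n"})),
]

if __name__ == "__main__":
    for att in SAMPLES:
        verdict = check_attachment(att)
        print(att.filename, "->", "OK" if not verdict else "; ".join(verdict))
```

A check like this belongs at the mail gateway or on the isolated machine described above, not as a substitute for it: it catches the rule violations the article names, while a file that passes every rule is still opened only in the quarantined environment with a security solution running.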
Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure email communication integrity and security for Office 365 customers.
Tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.
Foresite Cybersecurity, a cyber security innovator, today announced the acquisition of Cyber Lantern into its security monitoring, management, and assessment solutions portfolio.
Adalat Ali group hijacked the web stream of Iran’s state-owned television station, the Islamic Republic of Iran Broadcasting (IRIB), in order to broadcast an anti-regime message earlier this week.
Do you remember the Oski malware that suddenly disappeared in July 2020? Well, it is back in the form of Mars Stealer, a new and powerful version of Oski. As the name suggests, Mars Stealer steals information from all renowned web browsers, various cryptocurrency wallets and extensions, and 2FA plugins.
A likely Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021.
One of UpdateAgent's newest and most potent features is the ability to bypass Apple's built-in Gatekeeper system that is meant to allow only trusted, signed apps to run on Macs.
Morley Companies Inc. disclosed a data breach after falling victim to a ransomware attack on Aug. 1, 2021, according to a security incident notification by the company on Wednesday.
Major oil terminals in some of Western Europe's biggest ports have fallen victim to a cyberattack at a time when energy prices are already soaring, sources confirmed on Thursday.
Based on the initial information from the report by David Álvarez and the findings from Avast researchers, it appears the breach was successfully resolved prior to the start of the games.
The CISA warned of vulnerabilities in the Airspan Networks Mimosa equipment that could be abused for remote code execution, causing a denial-of-service condition, and obtaining sensitive information.
The US Justice Department indicted six India-based call centers and their directors for their alleged role in making tens of millions of scam calls to defraud thousands of American citizens.
The attack, which was discovered on January 20, affected Dow Jones, the Wall Street Journal, the New York Post, News Corp headquarters, and its UK news operations, according to the report.
The acquisition enhances Keeper Security's continued evolution in the identity and access cybersecurity space, particularly in enabling hyper-secure access to remote resources.
Primitive Bear (aka Gamaredon), a sophisticated cybercriminal group hailing from Russia, has been caught trying to infiltrate a Western government outfit located in Ukraine.
In the survey, involving 279 executives from US financial institutions, 26% of respondents ranked cybersecurity threats and 21% cited recruiting/retaining employees as their top issues in 2022.
Threat modeling is the process of identifying potential attacks, describing their prospective impact, and prioritizing response and remediation measures, thereby enabling policy-driven cybersecurity.
The proliferation and circulation of sensitive employee data allow attackers to execute a wide range of cyberattacks, including impersonation, account takeover, ransomware, and others.
A state-sponsored Chinese APT group tracked as 'Antlion' has been using a new custom malware backdoor called 'xPack' against financial organizations and manufacturing companies.
The new initiative is one in a string of many by the Biden administration to push public and private collaboration in addressing cyber threats such as Log4j vulnerabilities.
Morphisec identified a new sophisticated campaign using a phishing tactic with an HTML attachment to deliver AsyncRAT for around five months. Moreover, the malware campaign has one of the lowest detection rates, according to VirusTotal. This calls upon organizations to regularly audit and upgrade their security posture to stay protected.
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said its IT infrastructure was targeted by the ransomware attack.
Experts exposed the Dark Herring subscription fraud campaign that infected 105 million devices worldwide via 500 malicious apps to steal hundreds of millions of dollars from unsuspecting users. The names of some malicious apps are Smashex, Upgradem, Stream HD, Vidly Vibe, and Cast It. This indicates that downloading apps from genuine stores does not always guarantee the safety of users.
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement are threatening that work model.
Implementation flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in a variety of applications, a security researcher has revealed.
A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys.
Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021.
Swissport International was hit by a ransomware attack that had a severe impact on its operations causing flights to suffer delays. The company said via Twitter that the attack has been largely contained.
The Department of Homeland Security has announced a new Cyber Safety Review Board bringing together cybersecurity experts from public and private organizations to “review and assess significant cybersecurity events.”
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges.
In early September 2021, Avast threat researcher David Álvarez found a malware sample with a suspicious file extension and a report submitted by the National Games IT team to VirusTotal on an attack against a server associated with the Games.
The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries.
CA Technologies is alerting customers to a vulnerability in CA Harvest Software Change Manager. A vulnerability exists that can allow a privileged user to perform CSV injection attacks and potentially execute arbitrary code or commands. Note that this vulnerability is specific to the Harvest Workbench and Eclipse Plugin interfaces. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. A privileged user can potentially execute arbitrary code or commands. Versions affected include 13.0.3, 13.0.4, 14.0.0, and 14.0.1.
This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to "/data-service/users/[userid]" with any low-authority user returns other users' information in response. The encrypted password information is included here, but privilege escalation is also possible with the active sessionid value.
Ubuntu Security Notice 5264-1 - It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution.
Ubuntu Security Notice 5030-2 - USN-5030-1 addressed vulnerabilities in Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM. It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 5262-1 - The potential for an out of bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation.
Red Hat Security Advisory 2022-0438-02 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.
Red Hat Security Advisory 2022-0435-03 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-0439-02 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-0437-03 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
This Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by add new sysadmin user. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code.
Red Hat Security Advisory 2022-0434-05 - This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-0436-03 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-0421-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Red Hat Security Advisory 2022-0422-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Red Hat Security Advisory 2022-0431-06 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes, security patches and new feature enhancements.
Red Hat Security Advisory 2022-0430-03 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.9 replaces Data Grid 7.3.8 and includes bug fixes and enhancements. Find out more about Data Grid 7.3.8 in the Release Notes [3]. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-0420-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the
A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for
The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of
Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful
A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into