You can find about a million tips on how to keep a startup afloat on the Internet. Usually advisers draw attention to the issues of business planning, marketing strategy, attracting additional investment and so on, but articles rarely talk about the problem of building a solid cybersecurity system. However, the lack show more ...
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that show more ...
A politically motivated APT group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities.
Researchers at Pen Test Partners explored the system and found that they could try out parcel codes on API calls and get back OpenStreetMap addresses with the recipient’s position on the map.
CVE-2021-38008 is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome that could lead to the execution of remote code on the targeted machine.
Microsoft is temporarily disabling the MSIX ms-appinstaller protocol handler following evidence that a vulnerability in the installer component was exploited by attackers to deliver various malware.
A vulnerability in the CMS of cryptocurrency news site CoinDesk allowed hackers “to trade on nonpublic information ahead of the publication of at least one article,” according to the publication.
The widespread malware known as Qbot has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection.
Java applications are deployed everywhere using this logging tool. Hundreds of vendors are known to be vulnerable. This vulnerability received the maximum CVSS score which is a very rare occurrence.
There was an 85% year-on-year increase in attacks targeting logins or account creation in 2021 as bot-driven fraud attempts soared, according to a new study by Arkose Labs.
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.
Last month, Bulgarian police took down a financial crime ring that was responsible for stealing over $11.4 million. Experts say that this could be happening in the US targeting financial customers.
Researchers at ThreatFabric found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.
Credit reporting agency Equifax finalized a settlement for a 2017 breach that affected over 147 million US citizens and 15 million Brits. Equifax first admitted the massive breach in September 2017.
There was no evidence of financial loss or misuse of customer data, HKTV says, adding it will take responsibility for any unauthorized purchases made as a result of the breach.
The suspect pleaded guilty in front of a judge after he was arrested by Canadian police in January 2021 as part of an international law enforcement crackdown against NetWalker.
For documents coming from unknown or untrusted sources, Microsoft blocks macros by default, but users have the option to enable them by clicking on a yellow warning at the top of the document.
The first part of the update arrives on devices as the 2022-02-01 patch level and delivers fixes for 15 security holes in three components, namely Framework, Media framework, and System.
Arlington, VA-based OT security firm Shift5 has raised $50 million in a Series B funding round led by Insight Partners. The firm provides security for the OT within and used by critical vehicles.
Vodafone Portugal said today that a large chunk of its customer data services went offline overnight following “a deliberate and malicious cyberattack intended to cause damage and disruption.”
Czech security firm Avast has released today a free utility that can help victims of the TargetCompany (Tohnici) ransomware recover their files without paying the ransom demand.
"The cost and risk of executing ransomware attacks are up, and if this trend continues, we expect to see the aggregate volume of attacks begin to decrease," said researchers at Coveware.
HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks.
Cybercriminals have found a way to abuse text-based CSV files in a phishing campaign that pretends to be Payment Remittance Advice to install BazarBackdoor malware on users' systems. In the past two days, researchers have spotted 102 actual non-sandbox corporations, along with government victims. Organizations are warned to stay aware of this threat and its techniques and prepare a defense mechanism.
Microsoft shared new information on Gamaredon, also known as ACTINIUM, which has been responsible for a plethora of spear-phishing attacks against Ukrainian organizations since October 2021. One of the techniques used by Gamaredon was sending spear-phishing emails containing malicious macro as attachments that use remote templates.
Researchers have detected new activity of Roaming Mantis; attackers have modified the Android trojan Wroba to target Android and iPhone users in Germany and France to steal credentials. Germany and French officials have alerted users about smishing messages with package notifications and compromised websites being used as landing pages.
The xPack backdoor allowed the threat actors to remotely run WMI commands, interact with SMB shares to transfer files, and browse the web by using the backdoor as a proxy to hide their IP addresses.
Researchers found 1,300 malicious npm packages that could help hackers trigger supply chain attacks and steal credentials and cryptocurrency, as well as run botnets. The report states that 57% of attacks happened during three days of the week - Friday, Saturday, and Sunday. It is recommended to practice utmost caution regarding attacks that seek to abuse dependency confusion in npm.
The FBI released an alert containing technical details and IOCs associated with LockBit ransomware to restrict its action whenever spotted in a victim’s network. It also asked admins and cyber teams to share attack-related data, going forward. Follow the flash alert that offers defense tips to stay protected.
An examination of a pay-per-install loader called PrivateLoader has highlighted its place in the deployment of popular malware strains including Smokeloader, Redline, and Vidar.
An APT hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba.
This Metasploit module uses QEMU's Monitor Human Monitor Interface (HMP) TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04.
Ubuntu Security Notice 5276-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled permissions in the kernel mode layer. A local attacker could use this issue to write to protected memory and cause a denial of service.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals show more ...
This Metasploit module exploits the mishandling of a password reset in JSON for Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.
PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.
Wing FTP Server versions 4.3.8 and below suffer from an authenticated remote code execution vulnerability.
Ubuntu Security Notice 4754-5 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
WordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability.
Hotel Reservation System version 1.0 suffers from a remote SQL injection vulnerability.
171 bytes small Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and look for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts with 7, then it's a possible kernel32 address.
WordPress Contact Form Builder plugin version 1.6.1 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5275-1 - Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code.
WordPress CP Blocks plugin version 1.0.14 suffers from a persistent cross site scripting vulnerability.
WordPress Security Audit plugin version 1.0.0 suffers from a persistent cross site scripting vulnerability.
FileBrowser versions 2.17.2 and below suffer from a cross site request forgery vulnerability that can lead to remote code execution.
The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen results of this expanded and attack surface with fragmented monitoring
Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered,
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows
Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of "app names, package names, and similar icons," the Dutch mobile
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint said
A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader,
A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android
Last month, as North Korea's supreme leader Kim Jong-un oversaw a series of sabre-rattling hypersonic missile tests, cyber attacks disrupted the country's internet infrastructure. But who was responsible? Read more in my article on the Hot for Security blog.
