For the 238th episode of the Transatlantic Cable, Dave, Jeff and Ahmed peruse some of the more interesting cyber-related stories of the week. They start by looking at a light-hearted story around Facebooks metaverse, weddings and Covid. From there, they focus on two cryptocurrency stories. The first one looks at a show more ...
Apple has released an urgent update for iOS and iPadOS that fixes the CVE-2022-22620 vulnerability. They recommend updating devices as soon as possible, as the company have reason to believe that the vulnerability is already being actively exploited by unknown actors. Why vulnerability CVE-2022-22620 is dangerous As show more ...
Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel.
The online student portal was down for 17 days, and Ohlone College’s phone and email systems were knocked offline for 10 days. A separate student information system was also impacted.
Siemens this week announced the availability of patches and mitigations for a series of severe vulnerabilities that can be exploited to remotely crash some of the company’s SIMATIC products.
No one outside the IT department cares about the vulnerability metrics, or they shouldn’t, anyway. They care more about the efficacy of the program. And traditional stats don’t show that.
During an attack on Texan cities, the decision not to pay ransom had a surprising knock-on effect: it forced a notorious ransomware gang, the Russia-based REvil, to rethink how it did business.
The UK’s Information Commissioner’s Office (ICO) experienced an astonishing 2650% increase in email attacks during 2021, according to data obtained by Parliament Street think tank via a FOI request.
Apple on Thursday released updates for iOS, iPadOS, macOS, and Safari to fix a WebKit flaw that may have been actively exploited in the wild, making it the third zero-day patch by. Apple this year.
The US Federal Trade Commission on Thursday said that it measured a sharp increase in losses linked to romance scams in 2021, bringing total losses over the last five years to $1.3 billion.
For the past decade, unidentified miscreants have been planting incriminating evidence on the devices of human-rights advocates, lawyers, and academics in India seemingly to get them arrested.
The latest version of the critical infrastructure ransomware attacks (CIRWA) database created by researchers catalogs 1,137 incidents reported between November 2013 and January 31, 2022.
Microsoft addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine.
Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks.
The issues affect the Taiwanese company's MXview web-based network management system versions 3.x to 3.2.2 and collectively, ICS-CERT scored the vulnerabilities a 10.0, its highest criticality score.
According to a recently released Netskope report, Google Drive overtook the top spot from Microsoft OneDrive, which led malicious office document download apps in 2020 with 34%.
What appears to be stolen data belonging to customers of accounting conglomerate Optionis Group has surfaced on the dark web weeks after the firm confirmed intruders had broken into its systems.
Cloudflare has purchased Vectrix to detect and mitigate issues like inappropriate filing sharing and user permission misconfigurations in tools like AWS, Google Workspace and GitHub.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to its catalog of actively exploited vulnerabilities another 15 security issues actively used in cyberattacks.
Salt Security raised $140 million on a $1.4 billion valuation to expand R&D investment, fuel sales and marketing, and more rapidly grow its international operations. The round was led by CapitalG.
The report by Chainalysis also listed the most prolific ransomware groups by total payments received, finding that Conti led the way with at least $180 million made from ransoms.
The attack, which took place on Tuesday, impacted Pop TV’s computer network and prevented the company from showing any computer graphics for the evening edition of 24UR, the station’s daily news show.
Researchers from Proofpoint spotted a new phishing campaign that targeted multiple Middle Eastern governments, foreign-policy think tanks, and a state-affiliated airline, with the new NimbleMamba trojan. NimbleMamba is believed to share some similarities with Molerats’ previous executable LastConn that was first reported in June 2021.
Another massive wave of Magecart attacks was detected by Sansec last week. This attack, once again, highlights the vulnerability of e-commerce sites running outdated software.
Cybersecurity training and certification provider SANS Institute is partnering with Historically Black Colleges and Universities to launch a new nationwide cybersecurity education scholarship program.
CyberNews discovered five malicious domains parading around as The Pirate Bay. These domains served malicious ads to more than seven million users every month by using free content to lure targets.
We are likely to see ransomware actors increasingly target entities in critical infrastructure and cause disruption in the flow of goods and services that are vital to keeping modern society running.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the show more ...
SIEMENS-SINEMA Remote Connect version 1.0 SP3 HF1 suffers from an open redirection vulnerability.
Red Hat Security Advisory 2022-0507-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as show more ...
The TRS web console allows an authenticated user to remotely manage the BTS and its configuration. Analysis discovered an authentication bypass vulnerability in the web management console. BTS TRS web console version FTM_W20_FP2_2019.08.16_0010 is affected.
Apple Security Advisory 2022-02-10-3 - Safari 15.3 addresses code execution and use-after-free vulnerabilities.
Subrion CMS version 4.2.1 suffers from a cross site request forgery vulnerability.
Apple Security Advisory 2022-02-10-2 - macOS Monterey 12.2.1 addresses code execution and use-after-free vulnerabilities.
Accounting Journal Management System version 1.0 suffers from a remote SQL injection vulnerability.
Apple Security Advisory 2022-02-10-1 - iOS 15.3.1 and iPadOS 15.3.1 addresses code execution and use-after-free vulnerabilities.
Kyocera Command Center RX version ECOSYS M2035dn suffers from a directory traversal vulnerability that allows for file disclosure.
The call for papers for the 24th International Conference on Information and Communications Security (ICICS 2022) has been announced. It will take place at the University of Kent, Canterbury, UK on September 5th through the 8th, 2022.
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. <!--adsense--> Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose
