When you think you have seen it all, the Internet comes back and proves you wrong. That is also the case when it comes to this weeks episode of the Kaspersky Transatlantic Cable podcast. To start off the podcast, Ahmed, Dave and I discuss a new problem that Roblox is facing. Now, we arent talking bugs or trivial show more ...
Apples AirTags have only been on the market since last spring, but they have already earned a bad reputation for being a way to facilitate criminal activity and track people without their permission. In this article we look closely at how AirTags work and why they can be dangerous. We also tell you how to protect show more ...
In this Expert Insight, Harshil Parikh, CEO of Tromzo, reveals findings from the company's recent State of Modern Application Security Report, a survey of 400 appsec professionals. The post State of Modern Application Security: 6 Key Takeaways For 2022 appeared first on The Security Ledger with Paul F. Roberts. show more ...
Nearly $3 in every $4 paid to a ransomware attack stems from a ransomware strain affiliated with Russian actors, according to a new report from cryptocurrency forensics group Chainalysis.
Ransomware attacks have increased in volume, sophistication and ransom demanded consistently over the last few years. According to published records, the education and retail sector are most targeted.
Since October 2021, ZeroFox Intelligence researchers have been tracking Kraken – a previously unknown botnet targeting Windows that is currently under active development.
The agency claims that paper and electronic records for the system are located in “controlled-access areas” and under supervision to limit access to authorized personnel.
Cisco Talos recently discovered a flaw in Hancom Office — a popular software suite in South Korea — that could allow an attacker to corrupt memory on the targeted machine or execute remote code.
The International Committee of the Red Cross (ICRC) revealed that the attack that breached its network in January was conducted by a nation-state actor that exploited a Zoho vulnerability.
Researchers couldn't determine the original source of the file, named NFT_Items.xlsm. Among the two workbooks of the file, one is written in Hebrew.
First reported in late 2021, Moses Staff is believed to be tied to the Iranian regime, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.
Over the last two years, compromised entities have included cleared defense contractors supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and Intelligence Community programs.
US officials released a joint advisory against the BlackByte ransomware actors who are exploiting a known Exchange Server bug to target critical infrastructure. The advisory identifies BlackByte as a RaaS targeting Windows systems, both physical and virtual servers. The advisory by the FBI should be considered seriously and organizations must raise their security barriers high to face threats such as BlackByte.
Cybercriminals are using display name spoofing and stylized HTML templates to lure victims into clicking on phishing links in Outlook 365 and then entering their credentials into fraudulent websites.
Snyk has purchased Cloud Security Posture Management (CSPM) vendor Fugue to help organizations manage compliance and security throughout the software development lifecycle.
A new report by the Office of the Inspector General (OIG) has revealed that Baltimore city was tricked out of hundreds of thousands of dollars last year by a cyber-criminal posing as a vendor.
As per a new update shared by Cybereason Nocturnus Team, the APT group has made improvements in tactics and techniques to target several organizations located across Italy, India, Germany, China, Turkey, the UAE, and the U.S.
The FBI said it had seen an increase in the use of virtual meeting platforms as a way to trick organizations into sending payments to the wrong accounts as part of a type of attack known as BEC scams.
It will create an automated, port-wide “community cyber defense solution” for its stakeholders. It will act as a hub for threat information sharing and provide support with post-incident recovery.
The vulnerability, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA.
The DDoS attacks targeted websites belonging to the armed forces, public radio, defense ministry, and the two biggest national banks - Oschadbank and Privatbank.
Corporate IT teams were faced with a 105% growth in ransomware attacks last year to over 623 million, according to SonicWall. Ransomware attack detections surged 232% since 2019.
Microsoft says phishing attacks focused on web3 and the blockchain can take various forms. One of the threats is attackers trying to obtain private keys to access wallets containing digital assets.
Proofpoint discovered a new threat group, dubbed TA2541, targeting entities in the aviation, aerospace, transportation, defense, and manufacturing sectors, since at least 2017. The most delivered RAT in TA2541 campaigns include AsyncRAT, followed by Parallax, NetWire, and WSH RAT. The campaigns are still active and spreading phishing emails to target victims around the world.
The DCMS Annual Cyber Sector Report 2022 revealed more than £1 billion (~$1.36 billion) was raised in external investment over 84 deals during this period by the UK’s cybersecurity industry.
A security researcher has described how abusing permissions in source code management (SCM) repositories can lead to CI poisoning, also known as ‘poisoned pipeline attacks’.
A QKD channel was multiplexed on the same fiber as ultra-high bandwidth 800 Gbps optical channels for the first time and used to provide keys for encryption of the data stream.
Imperva researchers said that the large-scale botnet generated 400 million requests from the IP addresses over four days, comprising around 10 requests per IP per hour on average.
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web.
Ubuntu Security Notice 5291-1 - It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. It was discovered that libarchive show more ...
Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.
Red Hat Security Advisory 2022-0491-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.43. Issues addressed include a cross site request forgery vulnerability.
Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder malware suffers from an insecure permissions vulnerability.
Red Hat Security Advisory 2022-0548-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
WordPress Cozmoslabs Profile Builder plugin versions 3.6.1 and below suffer from a cross site scripting vulnerability.
Backdoor.Win32.Prosti.b malware suffers from an insecure permissions vulnerability.
Ubuntu Security Notice 5267-3 - USN-5267-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Raspberry Pi devices. It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2022-0492-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43.
MartFury Marketplace suffers from a cross site scripting vulnerability.
Email-Worm.Win32.Lama malware suffers from an insecure permissions vulnerability.
Vicidial version 2.14-783a suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2022-0485-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.31. Issues addressed include a code execution vulnerability.
Backdoor.Win32.Prorat.lkt malware suffers from a weak hardcoded password vulnerability.
Red Hat Security Advisory 2022-0493-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.43. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-0546-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Backdoor.Win32.Zombam.b malware suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2022-0547-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Red Hat Security Advisory 2022-0544-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
Car Portal Template suffers from a cross site scripting vulnerability.
Algorithmia MSOL suffers from a remote code execution vulnerability.
Backdoor.Win32.Zombam.b malware suffers from an information leakage vulnerability.
Red Hat Security Advisory 2022-0543-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
Zepl Notebook suffers from a sandbox escape vulnerability.
Zepl Notebook suffers from a remote code execution vulnerability.
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in
State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago from January 2020, according
The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling the reversal of pixelized text back into its original form. Dan Petro, a lead researcher at offensive
Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim's system," threat intelligence firm
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple's App Tracking Transparency (ATT) framework, effectively limiting sharing of
If you haven't heard of the term, you will soon enough. SOC 2, meaning System and Organization Controls 2, is an auditing procedure developed by the American Institute of CPAs (AICPA). Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. In other words, you have to show (e.g., document
How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public's opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data. Read more in my article on the Tripwire State of Security blog.
