For many companies, threat intelligence means only indicators of compromise data and information on specific cybercriminal tools. But in fact, threat intelligence implies a much deeper knowledge about threat actors, including tracking their activity on the network. Sometimes this information allows you not only to get an idea of the criminal methods and tactics, but also to prevent a cybercrime. A vivid example is the recent case of a Latin American country's central bank.

What happened

While studying cybercriminal activity, our experts learned that one group had managed to access the bank's network. Investigators immediately notified the victim, contacted Interpol and jointly conducted a thorough investigation into the incident. As a result, they managed to eliminate vulnerabilities in the corporate infrastructure and prevent real financial losses. Unfortunately, we cannot share the details of the incident or describe how the attackers penetrated the bank's network.

How our experts managed to detect the activity of intruders

Not all cybercriminals are responsible for a full attack cycle, from initially studying the target to the final move (which is usually data or money exfiltration, or ransomware infection). There are groups that specialize exclusively in gaining access to the infrastructure of companies: having successfully penetrated the network, they try to sell that access on the dark web or on hacker forums to those who can organize an attack. Moreover, there are so-called Initial Access Brokers that buy access and then resell it to other cybercriminals. While studying the activities of completely different criminals, our researchers discovered that someone was looking for partners to attack the bank in order to perform some kind of cyberfraud. They shared some information as proof of access to the bank's infrastructure, and it helped our experts identify the victim and prevent the crime.

How can threat intelligence help a particular company?

In this case our experts were not searching for signs of an attack on a particular bank. This bank wasn't even our client. However, our instruments can allow you to track threats for a specific organization.
Our Threat Intelligence portfolio includes a Digital Footprint Intelligence service that allows you to create a dynamic digital portrait of an organization, and then to track dangerous symptoms through open sources on the dark web and deep web. Sometimes this allows you to prevent quite serious cyber incidents. In addition, to protect against sophisticated attacks, we recommend using services such as Managed Detection and Response. It allows your cybersecurity team to employ the help of external experts to detect and stop complex attacks on company infrastructure at an early stage.
Security researchers with Qualys have discovered several vulnerabilities affecting Canonical's Snap software packaging and deployment system and urged users to apply patches.
Intel has released software and firmware updates to address many vulnerabilities found in the company’s products. It released 22 security advisories, including seven with a severity rating of “high.”
Updates have been released for UpdraftPlus, a WordPress plugin with over 3 million installations, after a vulnerability was discovered by security researcher Marc Montpas.
One company, stage, or process with insufficient security makes the entire chain more vulnerable to hackers and can open up a huge amount of risk when we consider the size and value of global chains.
Malicious hackers are targeting Office 365 users with a spate of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into approving their login attempts.
A researcher last week noted that Brave had blocked a Chrome extension called L.O.C. out of concern it exposed the user's Facebook data to a third-party server without any notice or permission prompt.
A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security. It puts the amount of risk that organizations and security teams face on full display.
Extend Fertility was hit with ransomware in the month of December 2021. The clinic hired third-party digital forensic specialists to determine the incident's nature and scope.
Researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105% increase. Ransomware volume has risen 232% since 2019.
When the victim downloads the payload, it leads to the installation of multiple malware payloads on the victim's system, allowing the threat actor to establish backdoors and/or steal user information.
Cisco devices are used throughout the DoD, the defense industrial base, and national security systems, and any unsecured credentials on these devices could lead to entire networks getting compromised.
Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot.
A group of researchers published “Face-Mic,” the first work examining how voice command features on virtual reality headsets could lead to major privacy leakages, known as eavesdropping attacks.
Tracked as CVE-2022-24087, the issue is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug that could result in the execution of malicious code.
The Cofense Phishing Defense Center (PDC) has observed a new phishing campaign that harvests Microsoft credentials by impersonating Power BI emails, since Power BI is trusted software.
The affiliate program offers cybersecurity solution providers a critical head-start in incorporating the center’s research and development (R&D) resources into their product or service offerings.
Researchers at cybercrime and adversarial disruption company Advanced Intelligence noticed that in 2021 Conti had become the only beneficiary of TrickBot’s supply of high-quality network accesses.
The master decryption keys for Maze, Egregor, and Sekhmet ransomware victims were released by someone claiming to be one of the developers of the three ransomware families. The poster on the forum said that this was a planned leak and had no relation to law enforcement operations. However, experts suspect that the release of the keys could be an attempt to trick law enforcement agencies.
Check Point disclosed that an updated version of the TrickBot malware is targeting customers of 60 financial and technology firms primarily located in the U.S. Researchers believe that the actual victims are not the brands themselves but their customers. The malware stands as a priority threat, requiring continuous monitoring and tracking by the security community around the globe.
SentinelOne observed the potentially destructive Iran-linked APT group TunnelVision actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers.
Element Vape's website was found loading a malicious JavaScript file from a third-party website that appears to contain a credit card stealer, as reported by BleepingComputer.
Palo Alto Networks unearthed an ongoing email campaign by Emotet operators, which now propagates through malicious Excel files while also implementing other obfuscation techniques. For this, attackers have used email thread hijacking and some other attack tactics. Experts revealed they have been delivering an Excel file with an obfuscated Excel 4.0 macro via socially engineered emails since December 2021.
SonarSource researchers, who discovered the bugs, noted that Zabbix is a high-profile target for threat actors due to its popularity, its features, and its privileged position in most companies’ networks.
The vulnerability is tracked as CVE-2022-22945 and it has a CVSS score of 8.8. VMware described it as a CLI shell injection vulnerability affecting the product’s NSX Edge appliance component.
Ubuntu Security Notice 5295-1 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
WordPress MasterStudy LMS plugin version 2.7.5 suffers from a missing access control allowing an unauthenticated party the ability to create an administrative account.
Ubuntu Security Notice 5292-3 - USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code.
Ubuntu Security Notice 5292-2 - USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 5294-1 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5292-1 - James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions.
Red Hat Security Advisory 2022-0580-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a traversal vulnerability.
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're trusting the bulk of their privileged business data to those cloud providers, too. And while most major
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution that could
Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug
Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. Tracked
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick
Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center (
A new tool makes crystal clear that it's a big mistake to redact text by pixelating it, or indeed by blurring it, or even by applying a "swirl" filter. Read more in my article on the Hot for Security blog.