Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

The upstart tracking effort is being crowdsourced via Telegram, but the output of the Russian research group is centralized in a Google Spreadsheet that is open to the public. Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine, such as casualty numbers, and links to more information on the Deep Web.

For example, the popular library es5-ext hadn't updated its code in nearly two years. But on March 7, the project added a component, "postinstall.js," that checks whether the user's computer is tied to a Russian Internet address. If so, the code broadcasts a "Call for peace":

Image caption: A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English.

A more concerning example can be found at the GitHub page for "vue-cli," the command-line tooling for the popular Vue.js JavaScript framework for building web-based user interfaces. On March 15, users discovered that a newly added component was designed to wipe all files from any system visiting from a Russian or Belarusian Internet address (the malicious code has since been removed):

Image caption: Readers complaining that an update to the popular vue-cli package sought to wipe files if the user was coming from a Russian IP address.

"Man, I love politics in my APIs," GitHub user "MSchleckser" commented wryly on Mar. 15.

The crowdsourced effort also blacklisted a code library called "PeaceNotWar" maintained by GitHub user RIAEvangelist. "This code serves as a non-destructive example of why controlling your node modules is important," RIAEvangelist wrote. "It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite. To include this module in your code, just run npm i peacenotwar in your code's directory or module root."

Alex Holden is a native Ukrainian who runs the Minneapolis-based cyber intelligence firm Hold Security. Holden said the real trouble starts when protestware is included in code packages that get automatically fetched by a myriad of third-party software products. Holden said some of the code projects tracked by the Russian research group are maintained by Ukrainian software developers.

"Ukrainian and sadly non-Ukrainian developers are modifying their public software to trigger malware or pro-Ukraine ads when deployed on Russian computers," Holden said. "And we see this effort, which is the Russians trying to defend against that."

Commenting on the malicious code added to the "vue-cli" application, GitHub user "nm17" said a continued expansion of protestware would erode public trust in open-source software.

"The Pandora's box is now opened, and from this point on, people who use opensource will experience xenophobia more than ever before, EVERYONE included," NM17 wrote. "The trust factor of open source, which was based on good will of the developers is now practically gone, and now, more and more people are realizing that one day, their library/application can possibly be exploited to do/say whatever some random dev on the internet thought 'was the right thing to do.' Not a single good came out of this 'protest.'"
Intelligent automated bots are among the newest weapons in the arsenal of cyber criminals, including those targeting financial institutions, as fraud and intrusions carried out through this attack vector increase rapidly.
Sioux Falls City Council has approved a $10m appropriation toward a Dakota State University (DSU) cybersecurity lab. The funding for the project, which could bring 650 jobs to the Sioux Falls and Madison areas, was approved by a unanimous vote.
Online scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
A severe vulnerability affecting the CRI-O container engine for Kubernetes could be exploited to escape the container and gain root access to the host, CrowdStrike reports.
The malware comes with a keylogger that if activated stores user input in the Default.key file in the Windows System directory. It can also collect Windows system and security product information that is sent on to the C2 server.
The recent Series A funding round of Hackuity was led by Sonae IM and received participation from previous investor Caisse des Dépôts. To date, the company has raised $17.2 million.
Mobile applications with tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to research by Check Point.
Off-boarding employees can pose challenges for any organization. In the past year, data exfiltration incidents increased due to employees taking data, systems access, or both with them when they exit.
With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a ‘skeleton key’ for criminal access.
SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of a potential security flaw).
Analysis of 35,000 cybersecurity professionals inside 400 large organizations reveals it takes 96 days on average to develop the knowledge, skills, and judgment to defend against breaking threats, except with Log4j.
This is the go-to tactic for fake Royal Mail phishing attacks. You receive a text claiming there’s a parcel in your name, waiting for collection. The SMS contains a link to a fake Royal Mail website.
Last month, the state of Utah appeared to be on the fast track to enacting the country's fourth comprehensive state data privacy law. Now it looks like the legislation is on the cusp of being passed.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications.
Newer versions of the 'node-ipc' package began deleting all data and overwriting all files on developers' machines, in addition to creating new text files with "peace" messages.
The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country's Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory.
The backdoor infecting all of the sites is a Google search SEO-poisoning tool dating from 2015, implanted in wp-config.php, that fetches spam link templates from the C2 and uses them to inject malicious pages into search results.
TrickBot's purpose in using MikroTik devices is to create a line of communication between the TrickBot-infected host and the C2 server that standard defenses in the network are not able to detect.
Security experts linked the activities of the Shamoon APT with those behind the Kwapirs malware. They said both could be from the same group, as the two have been collaborating and sharing updates, techniques, and code for years. Organizations should be ready with countermeasures, including reliable anti-malware solutions, to thwart such threats.
Researchers spotted a third wiper malware in use against Ukrainian organizations; it destroys user data and partition information on attached drives. Separately, Ukraine's national CERT reported a new phishing attack, which it linked to the UAC-0056 group with medium confidence.
Botnet activity that drew loud warnings last month from U.S. and U.K. cybersecurity agencies has expanded to a second type of hardware, according to researchers at Trend Micro.
The ransomware landscape witnessed 34 different variants in approximately 722 distinct attacks, with LockBit 2.0, Conti, and PYSA occupying the top three places. In comparison to Q3 2021 data, the attacks on the manufacturing sector have declined while consumer and industrial products rose by 22.2% in Q4. The most affected countries were the U.S., Italy, Germany, France, and Canada.
The new B1txor20 botnet is actively exploiting Log4j flaws in Linux systems to build a bot army that helps its operators install rootkits and steal sensitive records. The bot sends stolen information, the results of any command execution, or any other data to its C2 server in the form of DNS requests. The malware possesses many additional features that are either not enabled or are buggy, suggesting that it is still under development.
Ubuntu Security Notice 5332-2 - USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results.
Ubuntu Security Notice 5333-1 - Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connections when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Ubuntu Security Notice 5332-1 - Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. It was discovered that Bind incorrectly handled certain crafted TCP streams. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 21.10.
Ubuntu Security Notice 5321-2 - USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down search menu.
Ubuntu Security Notice 5334-1 - It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code.
Ubuntu Security Notice 5326-1 - It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to other users and trick them into accessing files on that file system, which could result in a Denial of Service or other unspecified conditions.
Red Hat Security Advisory 2022-0947-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the RHEL-8-CNV-4.10 OpenShift Virtualization 4.10.0 image.
Red Hat Security Advisory 2022-0952-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration. Issues addressed include double free and null pointer vulnerabilities.
Red Hat Security Advisory 2022-0951-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-0949-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a privilege escalation vulnerability.
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds
The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of
In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm
As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully
Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on dick pics. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.
A video clip shared on social media yesterday showed what appeared - to anyone who wasn't paying proper attention at least - to be Ukrainian President Volodymyr Zelensky calling on his country's citizens and army to lay down their weapons and surrender to invading Russian forces. In the clip, the deepfake Zelensky is shown standing behind a podium, declaring that he has "decided to return Donbas" and that his army's efforts to fend off Russia's attack "has failed." Read more in my article on the Hot for Security blog.
With just a few weeks until the April 15 deadline for US individuals and businesses to file their tax returns, scammers are as busy as ever. Read more in my article on the Tripwire State of Security blog.