On February 13, 2022, EuroGamer published a post reporting the spread of malicious code among users of the Cities: Skylines game. Two days later, the article was updated: nobody was adversely affected, but one of the game's mod creators had tried to sneak a backdoor into the official store. We looked into this interesting case of a potentially serious attack on gamers.

About Cities: Skylines in brief

We apologize in advance to fans of the game, but for everyone else we think a brief description is necessary; it is important for the story. Cities: Skylines is a city simulator, and it looks something like this:

Screenshot from Cities: Skylines.

Cities: Skylines is a competitor to, and in some ways a successor of, the famous SimCity series of the 1990s and 2000s, whose history ended (so far) with a failed release in 2013. Cities: Skylines was released in 2015, quite a long time ago by the standards of the ever-changing online world, but fans are unlikely to be put off by this. Instead of releasing a new title in a series, the creators of Cities: Skylines preferred to gradually extend the original game, releasing official expansion packs roughly every six months. The 13th of these came out just recently. Each expansion adds new elements to the virtual world: buildings (you can now build an airport of your own design), natural phenomena, development scenarios (a green city), and so on.

Unofficial modifications expand the game even further. In fact, any player who seriously enjoys Cities: Skylines will eventually start experimenting with mods. The game was designed from the start to make it easy for users to develop and share modifications, and anybody can upload them to the public Steam Workshop directory.

With or without mods and add-ons, Cities: Skylines lets you build your own city: divide the land between housing, industry and commerce, plan roads, and fight traffic jams. The game is so good and so realistic that people have even used it to plan the transportation system of a real city. An example of a good mod for Cities: Skylines is Traffic Manager: President Edition. It adds fine-grained control to the game's basic road construction features: you can tune traffic lights, set lane direction and speed limits, prohibit parking, and so on. Basically, the mod lets you do the things that are essential for improving traffic, both in real life and in the game.

To summarize: you can play Cities: Skylines without extensions, but few fans do, because a properly chosen set of mods both seriously improves the gameplay and makes it more convenient. In short, if you want the full Cities: Skylines experience, use mods.

Vengeance mods

Now to the events themselves. On February 10, 2022, the creators of the aforementioned Traffic Manager: President Edition mod published a warning about malicious extensions for the game:

The creators of Traffic Manager: President Edition accuse the author of other mods of distributing malware.

The malicious functionality was relatively harmless: the extension randomly changed the speed limits on in-game roads. And not for all users, only for those who had the misfortune of being on the mod creator's list. That list included the developers of Traffic Manager, the creators of the game, and other people the list's author had real or imagined grievances against.

But that's not all. The same post describes how the mod author, known as Chaos or Holy Water, intentionally broke compatibility with other mods. Because Cities: Skylines has a huge number of modifications, it needs a mechanism that prevents mod-related bugs in the game. The game's creators settled on a very simple compatibility check: the mod developer is expected to test everything themselves and add incompatible extensions to a special list. Chaos/Holy Water took advantage of this feature and started adding other popular extensions to the incompatibility list of their own mods. When users asked why the mod was incompatible with other extensions and what to do about it, the author blamed the poor quality of other developers' code and offered their own version of the other extension, a slightly modified copy of the original.

That is how Chaos tried to popularize their modifications and increase the number of their own add-ons installed by each user. When criticized, Chaos/Holy Water retaliated by adding the critics' Steam IDs to their personal enemies list, which introduced arbitrary bugs into those players' games. There was some interesting internal drama among active fans, but nothing serious enough to call a real malicious attack. But wait, that's not all!

A hundred percent backdoor

On February 14, 2022, the developers of Cities: Skylines published their own description of the incident. It reports that the author's extensions have been removed from the Steam Workshop. The game's creators insist there was no malicious code in them, clarifying: "No keyloggers, viruses, cryptocurrency mining software, or similar was found." But further down in the text there is a brief mention of the Update from GitHub extension by the same author. And what did this mod do? It switched the add-on update mechanism from the standard one (via the Steam Workshop) to an alternative one: updating mods directly from the creator's repository on GitHub.

This is a real backdoor. Users who installed this modification along with a couple of other modifications by the same creator could have ended up downloading and running arbitrary code at any time, with nothing but the extension creator's conscience standing in the way (and given the enemies list, relying on that is clearly a bad idea). Even if the backdoor's creator has no plans to attack the users of their mods, their GitHub account can be stolen, or they can sell it themselves (as often happens, for example, with browser extensions). Finally, once the mod is installed, the user will most likely have to remove it manually, and not everyone will get round to that. Fortunately, according to the Cities: Skylines developers, only 50 people were affected this time.

How to protect yourself from dangerous game mods

There are plenty of ways to get a user to download malware under the guise of an official program or game. With custom extensions things are more complicated: by definition they are home-made, and the developer of the game cannot control every modification. So, as you expand the capabilities of your favorite game, stay vigilant. Install mods from official sources where possible. And if a mod creator advises you to disable your antivirus in case of problems, think twice before doing so.

The incident with the mods for Cities: Skylines ended, thankfully, without too much drama. The malicious developer was banned, and it seems they had no intention of causing serious damage to players. But they built a rather elaborate mechanism for getting onto users' computers, one that exploited peculiarities of the community. Most importantly, they tried to move users out from under the control of the official mod distribution platform. In a worst-case scenario such a backdoor could be used to deliver malicious code that, for example, steals passwords for the game service or mines cryptocurrency on players' computers. Tracking the activity of such shapeshifting programs is standard functionality of any reliable security solution. On top of that, our Kaspersky Security Cloud also features a special gaming mode that provides protection with minimal impact on the computer's performance. So when experimenting with your favorite game, don't forget to take precautions.
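The update-channel swap described above, as an added example that is not code from the Kaspersky article, the game, or any real mod: a toy loader that contrasts the "Update from GitHub" pattern (execute whatever the author's repository serves right now) with a loader that only accepts a download location and a digest published by the distribution platform. The Workshop ID, the GitHub URL, the manifest, the allowed-origin set and every payload are constructed for illustration; the network is simulated by a dictionary.

```python
"""Toy mod-update loader: author-controlled channel vs. platform-pinned channel.
Added example; not code from the article, the game or any real mod.
Every URL, manifest entry and payload here is constructed."""
import hashlib
from urllib.parse import urlparse

# Assumption: the distribution platform's host is the only origin updates may come from.
ALLOWED_ORIGINS = {"steamcommunity.com"}

WORKSHOP_URL = "https://steamcommunity.com/sharedfiles/filedetails/?id=1000001"  # hypothetical id
AUTHOR_REPO_URL = "https://github.com/example-author/example-mod/raw/main/mod.py"  # hypothetical

# The payload the platform accepted when the mod was uploaded (constructed).
ACCEPTED_UPLOAD = b"SPEED_LIMIT_FACTOR = 1.0\n"


def initial_remote() -> dict:
    """Stand-in for the network: what each URL currently serves."""
    return {WORKSHOP_URL: ACCEPTED_UPLOAD, AUTHOR_REPO_URL: ACCEPTED_UPLOAD}


# Hypothetical platform-published manifest: the hardened loader takes the download
# location and the expected digest from here, never from the mod's own settings.
PLATFORM_MANIFEST = {
    "example-mod": {"url": WORKSHOP_URL, "sha256": hashlib.sha256(ACCEPTED_UPLOAD).hexdigest()}
}


class UpdateRejected(Exception):
    pass


def fetch(url: str, remote: dict) -> bytes:
    """Pretend download: return whatever 'remote' currently serves at url."""
    return remote[url]


def run_mod(code: bytes) -> dict:
    """Load the mod by executing it and return the names it defined. This is the
    point of no return: anything in 'code' runs with the game's privileges, so
    every check must happen before this call. (Toy; not a sandbox.)"""
    namespace: dict = {}
    exec(code, {"__builtins__": {}}, namespace)
    return namespace


def update_via_author_repo(mod_settings: dict, remote: dict) -> dict:
    """The 'Update from GitHub' pattern: the mod supplies its own update URL and
    the loader executes whatever that location serves, unchecked."""
    return run_mod(fetch(mod_settings["update_url"], remote))


def update_via_platform(mod_name: str, remote: dict, manifest: dict = PLATFORM_MANIFEST) -> dict:
    """Hardened loader: allowlisted origin plus a digest pinned by the platform."""
    entry = manifest[mod_name]
    host = urlparse(entry["url"]).hostname
    if host not in ALLOWED_ORIGINS:
        raise UpdateRejected(f"{mod_name}: origin {host!r} is not the platform")
    payload = fetch(entry["url"], remote)
    if hashlib.sha256(payload).hexdigest() != entry["sha256"]:
        raise UpdateRejected(f"{mod_name}: payload does not match the pinned digest")
    return run_mod(payload)


def demo() -> dict:
    """Walk through the incident's shape: a benign first update, then the author
    (or whoever now holds the account) pushes something else to the repository."""
    remote = initial_remote()
    settings = {"update_url": AUTHOR_REPO_URL}
    results = {}
    results["author_repo_before"] = update_via_author_repo(settings, remote)["SPEED_LIMIT_FACTOR"]

    # A new commit lands in the author's repository (constructed payload).
    remote[AUTHOR_REPO_URL] = b"SPEED_LIMIT_FACTOR = 0.25\nEXTRA = 'anything the author pushes'\n"
    after = update_via_author_repo(settings, remote)
    results["author_repo_after"] = after["SPEED_LIMIT_FACTOR"]
    results["author_repo_extra"] = "EXTRA" in after

    # The platform-pinned loader is unaffected by the repository change...
    results["platform_ok"] = update_via_platform("example-mod", remote)["SPEED_LIMIT_FACTOR"]

    # ...and refuses both a swapped platform copy and a manifest pointing elsewhere.
    remote[WORKSHOP_URL] = remote[AUTHOR_REPO_URL]
    try:
        update_via_platform("example-mod", remote)
        results["tampered_platform_copy"] = "accepted"
    except UpdateRejected:
        results["tampered_platform_copy"] = "rejected"

    redirected = {"example-mod": dict(PLATFORM_MANIFEST["example-mod"], url=AUTHOR_REPO_URL)}
    try:
        update_via_platform("example-mod", initial_remote(), redirected)
        results["redirected_manifest"] = "accepted"
    except UpdateRejected:
        results["redirected_manifest"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the contrast is where trust is anchored. In the author-repo loader the user trusts a URL that the mod itself supplies, so whoever controls that repository (the author, a buyer of the account, or a thief) controls what runs next. In the platform loader the origin and digest come from the distributor, so removing or replacing the mod on the platform actually changes what users receive, which is exactly what the Workshop takedown could not do for users already on the GitHub channel.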
This out-of-bounds heap read/write flaw can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
Google’s TAG uncovered two attack campaigns by distinct North Korean state actors abusing the same Chrome zero-day. The attacks were aimed at IT organizations, news media, and crypto-banks in the U.S. Organizations are recommended to adopt proactive security measures and implement multiple layers of security to tackle such threats.
Threat actors are hiding Vidar malware in Microsoft Compiled HTML (CHM) files to evade detection in email spam campaigns that target victims and harvest their data. Once the file is opened, the malware sets up its configuration and starts data harvesting, including cryptocurrency account credentials and credit card information. The spyware is also capable of downloading and executing further malware payloads.
Operation Dragon Castling is yet another campaign by a Chinese-speaking APT group targeting betting companies in Southeast Asian countries. One of the malicious files used in this campaign is the MulCom backdoor that is believed to be loaded by a malicious file, CorePlugin. The researchers have spotted notable code similarities between the MulCom backdoor and FFRat malware samples.
A new variant of PlugX RAT, named Hodur, is being used by Mustang Panda against East and Southeast Asian entities, with a few in Europe and Africa too. Its phishing lures include a regional aid map for a European country, updated COVID-19 travel restrictions, and the Regulations of the European Parliament and of the Council. The infection ends with the deployment of the Hodur backdoor on the targeted Windows systems.
Threat actors breached the networks of Horizon Actuarial Services in November, stealing data belonging to the consulting services vendor and two different client groups.
A rendering technique affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, allowed threat actors to create legitimate-looking phishing messages.
The cybercrime group behind the development of the Raccoon Stealer password-stealing malware has suspended its operation after claiming that one of its developers died in the invasion of Ukraine.
Clear Skye announced that the company has completed a $14 million Series A funding round, bringing total funding for the company to nearly $20 million since its initial seed round in 2020.
Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040 and with a CVSS score of 9.8, that resides in the User Portal and Webadmin areas of Sophos Firewall.
The detail of what has been agreed by the EU and U.S. in principle — and how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems — is not clear.
During the second half of 2021, cybercriminals launched approximately 4.4 million DDoS attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals.
Trend Micro investigated Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers.
Google is urging users on Windows, macOS, and Linux to update Chrome builds to version 99.0.4844.84, following the discovery of a vulnerability that has an exploit in the wild.
As organizations increase cloud-native adoption, a new Styra report outlines why developers and IT decision-makers need a unified approach to address security and compliance issues.
In an FAQ published last Friday, Okta offered a full timeline of the incident, starting from January 20 when the company learned "a new factor was added to a Sitel customer support engineer's Okta account."
Illuminate Education has not disclosed what, if anything, had been done with the affected data. The Department of Education is asking the NYPD, FBI and state attorney general's office to investigate the hack.
Experts recommend organizations review CISA's Known Exploited Vulnerabilities (KEV) Catalog and address the listed vulnerabilities in their infrastructure. The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 15, 2022.
Thirteen of those incidents involved ransomware, hacks or cyberattacks in which someone infiltrated computer systems, according to data obtained by Newsday through a Freedom of Information Law request.
The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations.
The US Federal Communications Commission has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg.
The explanation for the “technological issues” appears to be a ransomware attack by Suncrypt, who have added the clinic to their dedicated leak site. Suncrypt claims that they have acquired 350GB+ of files.
On Monday, Checkmarx researchers said they have also been tracking these activities and have recorded over 600 malicious packages published over five days, bringing the total to over 700.
Nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor, according to a new study by Trellix and the Center for Strategic and International Studies (CSIS).
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.
The number of ransomware attacks reported to the UK’s data protection regulator more than doubled between 2020 and 2021 as the pandemic raged, according to a new analysis.
Off-the-shelf, modern phishing kits are being sold on underground forums that contain several sophisticated detection-avoidance and traffic-filtering mechanisms so that the kits are not flagged as threats. Fake websites impersonating renowned brands are created using phishing kits featuring realistic login pages, brand logos and, in special cases, dynamic web pages.
While organizations have improved their backup strategy, ransomware groups are responding by exfiltrating sensitive data and threatening to expose it. Cybercriminals are still shifting to living-off-the-land attack techniques.
Red Hat Security Advisory 2022-1070-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-1082-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1073-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1078-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1075-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-1068-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-1025-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.6. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-1071-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1076-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1069-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-1077-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1066-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-0577-01 - Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Red Hat Security Advisory 2022-1080-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-1065-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2. Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
Red Hat Security Advisory 2022-1072-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP request smuggling vulnerability.
Ubuntu Security Notice 5349-1 - It was discovered that GNU binutils gold incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template.
Ubuntu Security Notice 5342-1 - David Schwoerer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
Covid-19 Directory on Vaccination System version 1.0 suffers from multiple remote SQL injection vulnerabilities. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with
You don't like having the FBI knocking on your door at 6 am. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or Tor nodes. Their IP address will never be exposed directly to the target's machine. Cybercriminals will always use third-party IP addresses to deliver their attacks. There are