A group of hackers known as Recursion Team has reportedly been involved in a 2021 scheme that convinced Meta and Apple to share basic customer data. The scheme worked because the hackers posed as law enforcement officials; a report from Bloomberg reveals that both Apple and Meta shared information such as customer addresses, phone numbers, and IP addresses in response to emergency data requests (which don't typically require a court order). The obtained data could be used in harassment campaigns, but needless to say it could also be employed in a wide variety of other schemes, including financial fraud. Apple hasn't confirmed the report to Bloomberg, but Meta provided a statement suggesting it is already working with law enforcement on the case. "We review every data request for legal sufficiency and use advanc...
Google has fixed 28 vulnerabilities by releasing update 100.0.4896.60 for its Chrome browser. At least 9 of them have a high severity rating — adding to CVE-2022-1096, another high severity vulnerability which Google patched with a separate update just a few days ago. So in total, the Chrome developers have released patches for 10 high severity vulnerabilities in less than a week. In other words, if you have not rebooted your computer for quite some time or have not restarted your browser recently, then it's time to update.

CVE-2022-1096 vulnerability

So far Google has not published details about any of the vulnerabilities — as per the company's security policy, access to a detailed description of the bugs remains restricted until the majority of active users have updated their browser. But it is already clear that it is the CVE-2022-1096 vulnerability (the one that Google closed with a separate patch on Friday, March 25, just four days before the major update) that may cause real problems. CVE-2022-1096 belongs to the Type Confusion class, which means it is connected to an error in data type handling in the V8 engine. The vulnerability is pretty dangerous, judging by the fact that Google addressed this bug separately with an emergency patch. What's more, according to the patch release notes, Google was aware on March 25 that an exploit for this vulnerability already existed. The next day, Microsoft fixed the same vulnerability in its Chromium-based Edge browser. Summing up the available information, it is reasonable to assume that an exploit for the vulnerability not only exists, but is actively being used by attackers.

Another 28 new vulnerabilities

Of the 28 vulnerabilities that the latest update addresses, most (20) were discovered by independent researchers, and the remaining eight by Google's internal experts. Of the nine vulnerabilities with a high severity level, four (CVE-2022-1125, CVE-2022-1127, CVE-2022-1131, CVE-2022-1133) belong to the use-after-free class; three more (CVE-2022-1128, CVE-2022-1129, CVE-2022-1132) are related to inappropriate implementations in various components; another one (CVE-2022-1130) has to do with insufficient validation of untrusted input in WebOTP; and the remaining one (CVE-2022-1134), like the aforementioned CVE-2022-1096, is a Type Confusion problem in the V8 engine.

How to stay safe?

First, you need to update your browser to the latest version — at the time of this writing, it is 100.0.4896.60. If your version of Chrome is older, that means your browser has not been updated automatically, and we recommend updating it manually using our step-by-step instructions. If you use Microsoft Edge, then don't forget to update it too — this is done in the same way as with Google Chrome. We also recommend that you follow the news and promptly update the most critical programs, including security solutions, browsers, office suites and the operating system itself. In addition, we recommend using reliable security solutions that can automatically detect and prevent attempts to exploit vulnerabilities, so you can protect yourself from attacks even before official patches are released.
In episode 244 of the Transatlantic Cable, Dave and Ahmed look at some of the more unusual infosec stories doing the rounds. Starting out, the team look at one of the most widely read stories of the week, which focuses on the arrest of the alleged mastermind of the Lapsus$ gang. Following that, Dave and Ahmed move to a story that might have Honda owners concerned, as a PoC hack shows how hackers are able to break into their cars. The final stories focus on the NFT / metaverse world, with the first looking at a recent purchase by Snap (yes, the company that owns Snapchat) which involves augmented reality and mind control (yes, really). The second story focuses on recent news that Yuga Labs (the company behind BAYC, or the Bored Ape Yacht Club NFTs) has teased a new game they're working on, which will, no doubt, lean heavily on NFTs and apes. Time will tell if it's a success or not. If you like what you heard, please do consider subscribing!

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Honda bug lets a hacker unlock and start your car via replay attack
Snap buys brain-computer interface startup for future AR glasses
Bored Ape Yacht Club's New Metaverse Shows NFTs Are Evolving
Researchers tracking ransomware globally have spotted an updated version of Conti ransomware that can reboot the targeted system into Safe Mode and encrypt it there. To avoid detection, Conti resolves the API functions it uses via the Murmur3 hashing algorithm, which produces hash values different from the ones security software searches for when looking for API hashing.
Google this week released a security-themed Chrome 100.0.4896.60 browser makeover with patches for 28 documented vulnerabilities, some serious enough to lead to code execution attacks.
The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.
Vulnerabilities in ImpressCMS could allow an unauthenticated attacker to bypass the software’s SQL injection protections to achieve remote code execution (RCE), a security researcher has warned.
The Series A round was led by GGV Capital, while its $6 million seed round, which the company hadn’t previously disclosed, was led by S-Capital. Harmony Partners, Silicon Valley CISO Investments Group, and a number of angels also participated.
According to the CISA notice, successful exploitation of the vulnerability could allow an unauthorized actor who is on the healthcare facility's network to remotely shut down the system.
Around a third (31%) of businesses experience cyber-attacks or breaches at least once a week, according to new figures published in the UK government’s Cyber Security Breaches Survey 2022 report.
This infection contains many stages and largely depends on the C2 server, which stores the required files for each stage. The attacker also uses a password-protected .xls file to lower the detection rate.
Cyera launched from stealth with $60 million in funding, which comes just ten months after Cyera's formation. The financing was led by Sequoia Capital, alongside Accel, and Cyberstarts.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue is a bug that arises when parsing security certificates and can be used to trigger a denial-of-service condition and remotely crash unpatched devices.
The widely used Zlib data-compression library finally has a patch to close a vulnerability that could be exploited to crash applications and services — four years after the vulnerability was first discovered but effectively left unfixed.
Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon.
A subsequent investigation led to the discovery on February 25 that “certain impacted files” containing members’ personal information may have been removed from the network by unauthorized parties.
The operation, called “Eagle Sweep”, lasted for three months, starting in September 2021, and resulted in the arrest of 65 suspects in the United States, Nigeria, South Africa, Cambodia, and Canada.
The PHC's website currently (March 31) shows a holding page with a message stating that it has recently become aware of anomalous activity on certain computer systems within its network.
The malware operator exclusively used compromised web servers located in South Korea for this attack. The threat actor configured this infrastructure with servers set up as multiple stages.
President Biden reaffirmed the U.S. threat of new sanctions against Russia in case of an escalation or invasion, to which Putin responded with a warning of his own that such a U.S. move could lead to a complete rupture of ties.
The attack targets the Combined Charging System (CCS) — a widely used DC rapid charging technology — and it interrupts the communication between the charger and the vehicle.
Toward the end of February, INKY detected a credential harvesting operation that abused Calendly, a freemium calendaring hub, by inserting malicious links on calendly.com event invitations.
Anonymous continues to target Russian organizations and foreign businesses that are still operating in the country. Now, it claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin.
The United States Federal Bureau of Investigation (FBI) is currently investigating more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns.
The exposed information included the names and (business) contact information of the people creating support tickets, as well as conversations between Palo Alto Networks staff members and the customer.
The flaw, which has a CVSS rating of 9.8, arose because valid search operators were not defined, according to the CVE description for the bug, which is tracked as CVE-2022-0757.
Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users are recommended to upgrade to versions 5.3.18 or later and 5.2.20 or later.
According to a report by Unit 42, the average ransom demand rose 144% to $2.2 million in 2021. The average ransom payment rose 78% to $541,010. Thirty-five new ransomware gangs popped up in 2021.
SunCrypt—a RaaS that came to prominence in mid-2020—was one of the first threat actors to implement triple extortion in its campaigns. It is a small RaaS, operating with a close circle of affiliates.
The U.K. NCSC has urged the public sector, critical infrastructures (CNI) and other organizations to reconsider the potential risks associated with any “Russian-controlled” parts of their supply chain.
Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money, and more from victims around the world.
Ubuntu Security Notice 5359-1 - Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
Ubuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 5358-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5357-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5355-1 - Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5354-1 - It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. It was discovered that Twisted incorrectly processed SSH handshake data during connection establishment. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service.
Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.
A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another
Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows
Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that allow malicious actors to execute arbitrary code, access camera feeds and read the SD cards without authorization, the last of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users
Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.