Researchers have discovered a critical vulnerability, CVE-2022-22965, in Spring, an open source framework for the Java platform. Unfortunately, details about the vulnerability were leaked to the public before the official announcement was published and the relevant patches were released. The vulnerability immediately attracted the attention of information security specialists, as it potentially poses a serious threat to many web applications. In resemblance to the overhyped Log4Shell, the new vulnerability was named Spring4Shell. The creators of the VMware Spring framework have already released patches to fix vulnerable applications, so we recommend that all companies using Spring Framework versions 5.3 and 5.2 immediately upgrade to versions 5.3.18 or 5.2.20.

What is Spring4Shell and why this vulnerability is so dangerous

The vulnerability belongs to the RCE class, that is, it allows an attacker to remotely execute malicious code. At the moment, according to the CVSS v3.0 calculator, its severity is 9.8 out of 10. The vulnerability affects Spring MVC and Spring WebFlux applications running under Java Development Kit version 9 or later. The JDK 9 requirement is not incidental: the known exploit reaches the application's class loader through the Module object that JDK 9 added to java.lang.Class, a path that the fix for the 2010 variant of this bug (CVE-2010-1622) did not block. Researchers reported the discovered vulnerability to VMware on Tuesday night, but already on Wednesday a proof of concept for the vulnerability was published on GitHub. The PoC was quickly removed, but not before it was noticed by security experts (some of whom confirmed the danger of the vulnerability), and it is very unlikely that such a potent exploit has gone unnoticed by cybercriminals. The Spring framework is quite popular among Java developers, which means that potentially many applications could be vulnerable. According to a post by Bleeping Computer, Java applications vulnerable to Spring4Shell could become a cause of compromise for a huge number of servers. Moreover, according to the same post, the vulnerability is already being actively exploited in the wild.

Conditions for exploiting the Spring4Shell vulnerability

The only Spring4Shell exploitation method known at the time of publication requires a specific confluence of circumstances. For the exploit to be successful, the following components should be present on the attacked side:
- Java Development Kit version 9 or later;
- Apache Tomcat as the servlet container;
- the application packaged as a WAR (Web Application Resource) file instead of the default JAR;
- a dependency on spring-webmvc or spring-webflux;
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, or older.

However, it is quite possible that there are other, yet unknown, ways to exploit the very same vulnerability; the list above describes the one public exploit, not the bug itself.

How to protect yourself from Spring4Shell

The main advice for anyone who uses the Spring framework is to upgrade to the secure versions 5.3.18 or 5.2.20. The Apache Software Foundation has also released patched versions of Apache Tomcat (10.0.20, 9.0.62, and 8.5.78) in which the attack vector is closed on the Tomcat side. The Spring developers have also released Spring Boot 2.5.12 and 2.6.6, which depend on the patched Spring Framework 5.3.18. Note that patching Tomcat alone only closes the known attack path; the data-binding flaw in Spring itself remains until the framework is upgraded. If for some reason you cannot update the above software, then you should use one of the workarounds published on the official Spring website.
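To make the exploitation conditions above concrete, here is an added detection example; it is not code from the original article or from the Spring project. The public exploit bound request parameters through the `class` property of the target bean (Class -> Module -> ClassLoader on JDK 9+) down into Tomcat's AccessLogValve to write a JSP web shell. Spring's published workaround denies the field patterns `class.*`, `Class.*`, `*.class.*` and `*.Class.*`; the scanner below applies the same rule to raw parameter names, additionally recognises the Tomcat valve properties the exploit sets, and runs over a few constructed access-log lines in Tomcat's combined format (the log format, IP addresses and requests are assumptions for illustration, not real traffic).

```python
"""Spot Spring4Shell (CVE-2022-22965) exploitation attempts in request parameters.

Added illustration, not code from the original article or the Spring project.
The rule mirrors Spring's workaround denylist ("class.*", "*.class.*", ...):
any property path that hops through the `class` accessor is suspicious, and a
path that continues into the class loader and Tomcat's AccessLogValve is the
signature of the public web-shell exploit.
"""
import re
from urllib.parse import parse_qsl

# AccessLogValve properties the public exploit set to write a JSP file to disk.
_VALVE_PROPS = {"pattern", "suffix", "directory", "prefix", "filedateformat"}

# Tomcat combined access-log format (assumed; adapt the regex to your server's pattern).
_ACCESS_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def _segments(param_name):
    """Split a Spring property path such as 'a.b[0].c' into its path segments."""
    return [s for s in re.split(r"[.\[\]]+", param_name) if s]


def classify(param_name):
    """Return a label for a suspicious parameter name, or None if it looks benign."""
    segs = [s.lower() for s in _segments(param_name)]
    if "class" not in segs:          # whole-segment match: 'classname' is not flagged
        return None
    if "classloader" in segs and "pipeline" in segs and segs[-1] in _VALVE_PROPS:
        return "tomcat-accesslog-webshell"
    if "classloader" in segs:
        return "classloader-traversal"
    # Any binding through the Class object is denied by the official workaround.
    return "class-property-binding"


def scan_query(query):
    """Return [(param_name, label)] for every suspicious name in a query string or form body."""
    hits = []
    for name, _value in parse_qsl(query, keep_blank_values=True):
        label = classify(name)
        if label:
            hits.append((name, label))
    return hits


def scan_access_log(lines):
    """Return one dict per logged request whose query string carries suspicious parameters.

    Caveat: an access log records only the query string.  The public PoC sent
    its parameters in a POST body, which a plain access log never shows; feed
    request bodies from a WAF or full request log through scan_query() instead.
    """
    findings = []
    for line in lines:
        m = _ACCESS_LOG.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        hits = scan_query(query)
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "path": path,
                "labels": sorted({label for _, label in hits}),
            })
    return findings


# Constructed sample log lines (not real traffic); the second line carries the
# parameter names used by the public exploit, the third a generic class-loader walk.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Mar/2022:14:03:11 +0000] "GET /app/?name=bob&age=3 HTTP/1.1" 200 512',
    '198.51.100.9 - - [31/Mar/2022:14:03:12 +0000] "GET /app/?'
    'class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di'
    '&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp'
    '&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT'
    '&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar'
    '&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1" 200 0',
    '198.51.100.9 - - [31/Mar/2022:14:03:15 +0000] "GET /app/?Class.module.classLoader.URLs[0]=x HTTP/1.1" 400 0',
    '203.0.113.7 - - [31/Mar/2022:14:03:20 +0000] "POST /app/ HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The whole-segment comparison matters: matching the substring "class" would flag ordinary parameters such as `classification`, while the exploit's path always contains `class` (or `Class`) as a segment of its own. Running the block on the constructed lines reports the two requests from 198.51.100.9 and nothing for the benign GET; the POST is silent only because its body is not in the log, which is exactly the blind spot the docstring warns about.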
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.

At issue are forged "emergency data requests" (EDRs) sent through hacked police or government agency email accounts. Tech companies usually require a search warrant or subpoena before providing customer or user data, but any police jurisdiction can use an EDR to request immediate access to data without a warrant, provided the law enforcement entity attests that the request is related to an urgent matter of life and death. As Tuesday's story showed, hackers have figured out that there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate: the request arrives over email, and the only signal of authenticity is the sending account. After all, there are roughly 18,000 distinct police organizations in the United States alone, and many thousands of government and police agencies worldwide. Criminal hackers exploiting that ambiguity are enjoying remarkable success rates gaining access to the data they're after, and some are now selling EDRs as a service to other crooks online.

This week's piece included confirmation from social media platform Discord about a fraudulent EDR they recently processed. On Wednesday, Bloomberg published a story confirming that both Apple and Meta/Facebook have recently complied with fake EDRs. Today, KrebsOnSecurity heard from Sen. Ron Wyden (D-Ore.), who said he was moved to action after reading this week's coverage. "Recent news reports have revealed an enormous threat to Americans' safety and national security," Wyden said in a statement provided to KrebsOnSecurity. "I'm particularly troubled by the prospect that forged emergency orders may be coming from compromised foreign law enforcement agencies, and then used to target vulnerable individuals." "I'm requesting information from tech companies and multiple federal agencies to learn more about how emergency data requests are being abused by hackers," Wyden's statement continues.
“No one wants tech companies to refuse legitimate emergency requests when someone’s safety is at stake, but the current system has clear weaknesses that need to be addressed. Fraudulent government requests are a significant concern, which is why I’ve already authored legislation to stamp out forged warrants and subpoenas.” Tuesday’s story showed how fraudulently obtained EDRs were a tool used by members of LAPSUS$, the data extortion group that recently hacked Microsoft, NVIDIA, Okta and Samsung. And it tracked the activities of a teenage hacker from the United Kingdom who was reportedly arrested multiple times for sending fake EDRs. That was in March 2021, but there are similar fake EDR services on offer today. One example can be found on Telegram, wherein a member who favors the handle “Bug” has for the past month been selling access to various police and government email accounts. All of the access Bug is currently offering was allegedly stolen from non-U.S. police and government email accounts, including a police department in India; a government ministry of the United Arab Emirates; the Brazilian Secretariat of Education; and Saudi Arabia’s Ministry of Education. On Mar. 30, Bug posted a sales thread to the cybercrime forum Breached[.]co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active. “I am doing LE Emergency Data Requests for snapchat, twitter, ig [Instagram] and many others,” Bug wrote. “Information we can get: emails, IPs, phone numbers, photos. Account must be active in the last week else we get rejected as shown below. Have gotten information only on Snapchat, Twitter and IG so far.” An individual using the nickname “Bug” has been selling access to government and police email accounts for more than a month. Bug posted this sales thread on Wednesday. KrebsOnSecurity sought comment from Instagram, Snapchat, and Twitter. This post will be updated in the event they respond. 
The current scourge of fraudulent EDRs illustrates the dangers of relying solely on email to process legal requests for privileged subscriber data. In July 2021, Sen. Wyden and others introduced new legislation to combat the growing use of counterfeit court orders by scammers and criminals. The bill calls for funding for state and tribal courts to adopt widely available digital signature technology that meets standards developed by the National Institute of Standards and Technology. “Forged court orders, usually involving copy-and-pasted signatures of judges, have been used to authorize illegal wiretaps and fraudulently take down legitimate reviews and websites by those seeking to conceal negative information and past crimes,” the lawmakers said in a statement introducing their bill. The Digital Authenticity for Court Orders Act would require federal, state and tribal courts to use a digital signature for orders authorizing surveillance, domain seizures and removal of online content.
The Russia-Ukraine conflict grew grimmer as researchers found three separate attack incidents (DDoS, malicious tools, and infrastructure disruption) launched against Ukraine. One of the attacks hit the fixed-line telecommunications firm Ukrtelecom. More cyberattacks targeting Ukrainian entities are likely. Government agencies and businesses are advised to follow the CERT-UA advisory to stay protected.
The extended national emergency declaration comes after CISA released a warning regarding possible Russian state-sponsored cyberattacks against U.S. organizations following the sanctions imposed as a result of the ongoing invasion of Ukraine.
Russia is preparing disruptive cyberattacks that could target U.S. energy and financial industries to cause further pain to the Biden administration, in retaliation for heavy sanctions, several people familiar with the matter told Foreign Policy.
While examining alerts and telemetry, FortiGuard Labs noticed several infiltrations into victim networks that were achieved via Log4Shell exploitation of vulnerable VMware Horizon servers.
BlackGuard, which is sold as malware-as-a-service, has the capability to steal all types of information related to crypto wallets, VPNs, messengers, FTP credentials, saved browser credentials, and email clients.
"The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device," the company said. The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for severity.
Using the Azure Static Web Apps platform to target Microsoft users is an effective tactic. Each landing page automatically gets its own secure-page padlock in the address bar due to the *.1.azurestaticapps.net wildcard TLS certificate. The padlock only attests that the connection to a host under azurestaticapps.net is encrypted and that the host name matches the certificate; it says nothing about who controls the page, so a Microsoft-branded login form on such a host deserves the same scrutiny as any other phishing page.
In its public statement on March 29, Sitel said it is unable to comment publicly on some of the details of the incident. But the company has said that the incident was related to the "legacy Sykes network only."
The disruption caused by the cyberattack affected Atento's Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident.
Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks.
The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector.
The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the Rogue7 attacks, operational technology security company Claroty said.
A new version 4.0 of the PCI Data Security Standard (PCI DSS) has been published today by the PCI Security Standards Council (PCI SSC), the global payment security forum.
Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia's destructive VPNFilter, according to SentinelOne.
A new report examines how an organization's approach to cyberattack incident and response strategies can have implications for investment in the broader cybersecurity market.
Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory (PNNL).
Hive ransomware operators have ported their Linux encryptor to the Rust programming language to target VMware ESXi servers. Additionally, they have added new features to make it difficult for security researchers to snoop on victims' ransom negotiations, features that appear to have been copied from BlackCat. Organizations are advised to focus on protecting sensitive data with robust encryption and access control.
GitLab has patched a critical vulnerability that meant static passwords were inadvertently set during OmniAuth-based registration – putting accounts at risk of malicious takeover.
Dubbed REDSPICE, which stands for ‘Resilience, Effects, Defense, Space, Intelligence, Cyber and Enablers,’ it is the biggest single cybersecurity investment in Australian history.
Google TAG found multiple cybercriminal activities, such as phishing and malware attacks, targeting NATO and Eastern European countries. An APT group adopted a novel Browser-in-the-Browser (BitB) phishing technique. A group with alleged links to China targeted government and military organizations in Russia, Ukraine, Mongolia, and Kazakhstan.
A threat actor was spotted deploying a sophisticated piece of crypto-mining malware, dubbed Verblecon, that also steals access tokens of Discord chat app users from infected systems. There are reports that connect a Verblecon domain to a ransomware attack as well. Organizations are advised to use up-to-date and reliable anti-malware.
Ubuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
Ubuntu Security Notice 5361-1 - It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service. Mathy Vanhoef discovered that the Linux kernel's WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets.
Ubuntu Security Notice 5358-2 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5357-2 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5360-1 - It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service.
Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as CVE-2022-22675,
The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a "multifaceted and deliberate" cyberattack against
Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner
A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said
Threat actor groups like Wizard Spider and Sandworm have been wreaking havoc over the past few years, developing and deploying cybercrime tools like Conti, Trickbot, and Ryuk ransomware. Most recently, Sandworm (suspected to be a Russian cyber-military unit) unleashed cyberattacks against Ukrainian infrastructure targets. To ensure cybersecurity providers are battle ready, MITRE Engenuity uses
The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed
International IT and software development firm Globant has confirmed that an increasingly-notorious cybercrime gang breached its network and stole intellectual property and passwords. Read more in my article on the Hot for Security blog.