Our streak of a two-man booth for the Kaspersky Transatlantic Cable podcast continues, with Ahmed and me kicking things off in the cryptocurrency world. More specifically, we discuss some proposed legislation in the EU that would remove a level of anonymity for all transactions. While we have some fun with the topic, show more ...
Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Threat actors frequently use OSINT to perform reconnaissance. Secureworks CTU researchers identified several APIs that access the internal information of any organization that uses Azure AD.
The hacker disguised the phishing email as a payment notification from a trusted bank and asked the recipient to open the attached Excel file that is protected by a password.
The attacks took place between August last year and March, sources said. The investigation found the data passing in and out of Indian Load Despatch Centres to the Chinese state-sponsored C2 servers spread across the world, researchers said.
Since Russia’s invasion of Ukraine, Distributed Denial of Secrets team has been inundated with files that hacktivists say they’ve stolen from Russian banks, energy companies, government agencies and media companies.
The most critical of the vulnerabilities, with a CVSS score of 9.1, is CVE-2022-26851. Affected versions of the PowerScale OneFS software contain “a predictable file name from observable state”.
In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 (AppleAVD bug) and CVE-2022-22674 (Intel Graphics Driver bug) in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.
The Pig Butchering scam pulls on heartstrings and purse strings. The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money.
According to Palo Alto Networks, the CVE-2022-0778 vulnerability can be exploited by remote attackers to trigger a denial of service condition and crash vulnerable devices.
The researchers say the APT-C-23 group, alongside MoleRATs, are subset APTs of the Hamas cyberwarfare division and are working to benefit the Palestinian political group.
The report complements previous findings from NCC Group, which found the bankbot posing as antivirus apps to carry out unauthorized transactions via Automatic Transfer Systems (ATS).
Kaspersky claims that at least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool we call Fendr and which has only been observed in BlackMatter activity.
"The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control (C2) of the underlying botnet," the DoJ said in a statement Wednesday.
A security configuration error exposed millions of internal records traced back to Fox News, including personally identifiable information on employees, researchers have claimed.
The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments.
Lithuania-based Nord Security has raised $100 million in its first ever outside capital funding with a financing round led by Novator Ventures, and participation from Burda Principal Investments and General Catalyst.
FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites. When installing these downloads, FFDroider will also be installed, but disguised as the Telegram desktop app to evade detection.
Cyble discovered a new RAT, dubbed Borat. With a builder, feature modules, and a server certificate, it offers ransomware and DDOS attack services. It is not known whether Borat is being sold or freely shared among cybercriminals. While analyzing the campaign and digging into its origin, a researchers group discovered the payload executable to be AsyncRAT, depicting a connection between the two.
In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used software products by Google, Apple, and others. Apple has released emergency fixes for two zero-day flaws. Trend Micro fixed a high-severity vulnerability in its Apex Central. Meanwhile, Google recently fixed a high-severity zero-day bug in the Google Chrome.
An Android spyware impersonates a process manager app to target users and steal their data. While analyzing the spyware, the research team discovered that it downloads additional payloads to compromised devices. Organizations and users are suggested to always monitor and review the app permissions in their phones.
A Mirai variant called Beastmode was found exploiting disclosed vulnerabilities in TOTOLINK routers. Attackers abused five new exploits within a month. Beastmode has also added some older bugs for a variety of routers from different vendors, all rated 9.8 on the CVSS scale. TOTOLINK device users are suggested to visit the vendor's download center to apply updates.
Deep Panda was found exploiting Log4Shell to deploy the new Fire Chili rootkit in compromised networks of organizations in the travel, finance, and cosmetic industries. Fire Chili helps keep file operations, registry key additions, processes, and malicious network connections concealed from the user and security software running on the targeted machine.
Ubuntu Security Notice 5369-1 - It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host show more ...
Backdoor.Win32.XLog.21 malware suffers from an authentication bypass vulnerability due to a race condition.
Ubuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation show more ...
Backdoor.Win32.Verify.h malware suffers from a remote command execution vulnerability.
KLiK Social Media Website version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Ubuntu Security Notice 5366-1 - It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. It was discovered that FriBidi incorrectly show more ...
WordPress WP Downgrade plugin versions prior to 1.2.3 suffer from a persistent cross site scripting vulnerability.
WordPress UpdraftPlus versions prior to 1.22.9 suffers from a cross site scripting vulnerability.
qdPM version 9.2 suffers from a cross site request forgery vulnerability.
minewebcms version 1.15.2 suffers from a cross site scripting vulnerability.
WordPress Hummingbird plugin versions prior to 3.3.2 suffers from a persistent cross site scripting vulnerability.
ICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding varies from the original finding of cross site request forgery in the same software from the same researcher.
WordPress Ad Inserter versions prior to 2.7.12 suffer from a cross site scripting vulnerability.
WordPress Loco Translate plugin versions prior to 2.6.1 suffer from a persistent cross site scripting vulnerability.
Backdoor.Win32.Wisell malware suffers from a remote command execution vulnerability.
Kramer VIAware remote code execution exploit that achieves root.
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability.
Backdoor.Win32.Wisell malware suffers from a buffer overflow vulnerability.
Red Hat Security Advisory 2022-1254-01 - An update for python-waitress is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include a HTTP request smuggling vulnerability.
Opmon version 9.11 suffers from a cross site scripting vulnerability.
binutils version 2.37 suffers from a denial of service vulnerability.
Zenario CMS version 9.0.54156 suffers from a remote code execution vulnerability.
Backdoor.Win32.Xingdoor malware suffers from a denial of service vulnerability.
Backdoor.Win32.Ptakks.XP.a malware suffers from an insecure credential storage vulnerability.
VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager
The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used
During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on
As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it
Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an
A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said
A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and
There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
A new report shows that not only has there been a substantial increase in the percentage of companies that pay ransoms, but that the average size of ransomware payments has also increased significantly. Read more in my article on the Tripwire State of Security blog.
