Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies. Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businessmen in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies. Khabarov told Russian media outlets that under the proposal people with IT skills at these facilities would labor only in IT-related roles, but would not be limited to working with companies in their own region. “We are approached with this initiative in a number of territories, in a number of subjects by entrepreneurs who work in this area,” Khabarov told Russian state media organization TASS. “We are only at the initial stage. If this is in demand, and this is most likely in demand, we think that we will not force specialists in this field to work in some other industries.” According to Russian media site Lenta.ru, since March 21 nearly 95,000 vacancies in IT have remained unfilled in Russia. Lenta says the number of unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February.
The Russian Association for Electronic Communications (RAEC) estimated recently that between 70,000 and 100,000 people will leave Russia as part of the second wave of emigration of IT specialists from Russia. “The study also notes that the number of IT people who want to leave Russia is growing. Experts consider the USA, Germany, Georgia, Cyprus and Canada to be the most attractive countries for moving,” Lenta reported of the RAEC survey. It’s not clear how many “IT specialists” are currently serving prison time in Russia, or precisely what that might mean in terms of an inmate’s IT skills and knowledge. According to the BBC, about half of the world’s prison population is held in the United States, Russia or China. The BBC says Russia currently houses nearly 875,000 inmates, or about 615 inmates for every 100,000 citizens. The United States has an even higher incarceration rate (737/100,000), but also a far larger total prison population of nearly 2.2 million. Sergei Boyarsky, deputy chairman of the Russian Duma’s Committee on Information Policy, said the idea was worth pursuing if indeed there are a significant number of IT specialists who are already incarcerated in Russia. “I know that we have a need in general for IT specialists, this is a growing market,” said Boyarsky, who was among the Russian leaders sanctioned by the United States Treasury on March 24, 2022 in response to the Russian invasion of Ukraine. Boyarsky is head of the St. Petersburg branch of United Russia, a strongly pro-Putin political party that holds more than 70 percent of the seats in the Russian State Duma. “Since they still work there, it would probably be right to give people with a profession that allows them to work remotely not to lose their qualifications,” Boyarsky was quoted as saying of potentially qualified inmates.
“At a minimum, this proposal is worth attention and discussion if there are a lot of such specialists.” According to Russia’s penitentiary service, the average salary of those sentenced to forced labor is about 20,000 rubles per month, or approximately USD $281. Russian news outlet RBC reports that businesses started using prison labor after the possibility of creating correctional centers in organizations appeared in 2020. RBC notes that Russia now has 117 such centers across 76 Russian regions.
One of the most interesting choices fraudsters make is to run a scam that specifically draws the victim’s attention to fraudulent activity, real or otherwise. It sounds counter-productive, but it’s the last thing people would expect.
The operators of Conti's name-and-shame ransomware scheme, the GOLD ULRICK group, seem to have adapted well even after the massive data leak of Conti’s source code. GOLD ULRICK group added 11 victims in the first four days of April. Organizations are advised to share threat intelligence with each other for better protection.
CRV led Doppler’s Series A with participation from GV, Sequoia Capital, and Y Combinator, as well as several angel investors. The startup has raised $28.8 million in capital to date.
During this phishing campaign, the APT29 group was observed utilizing multiple malware families, including BEATDROP and BOOMMIC loaders, ROOTSAW dropper HTML file, and the BEACON backdoor.
“This morning, accessing the sites gov.ro, mapn.ro and politiadefrontiera.ro [Border Police], cfrcalatori.ro [National RailRoads] and the financial institution’s websites were affected by a series DDOS cyber attacks,” a press release said.
The San Francisco, Calif. startup, the brainchild of former Facebook engineer Zach Wasserman, said the $20 million Series A was led by venture capital outfit CRV with participation from a range of prominent cybersecurity executives.
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open-source repositories.
The collective has released a 542 GB archive via DDoSecrets that contains 229,000 emails and 630,000 files from the Petersburg Social Commercial Bank. Other victims include Elektrocentromontazh and ALET.
A new malware loader, dubbed Bumblebee, has been tracked by Proofpoint. The loader is being used by at least three different threat clusters linked with ransomware operations. Most likely developed by the Conti gang, Bumblebee is designed to replace the BazarLoader backdoor (aka BazaLoader).
Leaders of the Galveston Independent School District said the now-former employee had not been granted permission to install the machines nor run them using power paid for by the district.
These fake updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi [VirusTotal] and Security_Upgrade_Software_Win10.0.msi being the most common.
When Russian president Vladimir Putin launched his full invasion of Ukraine in February, the world expected Moscow’s cyber and information operations to pummel the country alongside airstrikes and shelling.
Bangladesh authorities alerted against botnet and malware infections of important data infrastructures, including in financial institutions, to forestall cyber-attacks on the sidelines of the Ukraine war.
In a study of 32 applications geared toward mental health and religion, the open-source organization found that 25 of them did not meet Mozilla's Minimum Security Standards.
The company said Friday it will let people request that more types of content such as personal contact information like phone numbers, email, and physical addresses be removed from search results.
The acquisition will be made through Dx Technology Services and Investment BV (DxBV), a new digital services-focused investment firm established by Sabanci in the Netherlands.
WhiteSource identified, blocked, and reported two packages that were deemed to be malicious versions of original AWS packages. WhiteSource security experts have reached out to contacts at Amazon to notify them of their findings.
The attack on Saturday was also confirmed by Fei Protocol’s official Twitter account. Fei Protocol also offered the attacker a $10 million bounty to return the stolen funds.
A new ransomware operation named Black Basta has targeted at least a dozen companies and some researchers believe there may be a connection to the notorious Conti ransomware group.
Override Panda, also called Naikon, Hellsing, and Bronze Geneva, is known to operate on behalf of Chinese interests since at least 2005 to conduct intelligence-gathering operations targeting ASEAN countries.
Smallstep says it will use the funds to invest in the open-source community, will continue to build products for practical zero trust, and will accelerate research and development.
In the last two months, since the war started in Eastern Europe, several wipers have been used in parallel with DDoS attacks to keep financial institutions and government organizations, mainly Ukrainian, inaccessible for extended periods of time.
While previous AvosLocker infections employ similar routines, this is the first sample researchers observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys).
Iran-linked Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Users of the associated VMware products should review their VMware architecture to make sure the affected components are not exposed to the internet.
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, a resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD).
This Metasploit module abuses a vulnerability in certain WSO2 products that allows unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
Red Hat Security Advisory 2022-1665-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.
Ubuntu Security Notice 5382-2 - USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu 22.04 LTS. Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.
Red Hat Security Advisory 2022-1661-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Red Hat Security Advisory 2022-1663-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1664-01 - lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.
Red Hat Security Advisory 2022-1662-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-1646-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include an HTTP request smuggling vulnerability.
Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview. A "multi-year effort,"
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week. "The target of this attack is currently unknown but with high
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium (
According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don’t work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves. For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010,