First it was Minecraft and Fortnite. Then my youngest took a fancy to stunt scooters — spots, ramps and various brands and names of tricks appeared in his vocabulary, some of which were extremely hard for me to decipher. Example? Easy: try figuring out what 540 is. Now hes into graffiti. I hope that his pieces, tags show more ...
This email is being fired out to random addresses; it’s not a targeted attack. The phisher is simply hoping that of all the recipients, a few have an account with the service they’re imitating.
A cyberattack struck Costa Rica's hospitals and clinics early Tuesday morning, the Costa Rican Social Security Fund (CCSS) said, the latest in a string of hacks targeting the Central American country in recent weeks.
The country with the most accessible MySQL servers is the United States, surpassing 1.2 million. Other countries with substantial numbers are China, Germany, Singapore, the Netherlands, and Poland.
It is better to consider the term zero trust architecture (ZTA) – a framework that requires an organization to take steps depending on the priorities of the business and their current security infrastructure.
“Evri” is a recent UK-specific rebrand of the German company “Hermes”, so that UK customers may very well still be getting used to the new look and feel of the rebranded website, and to the new domain name. This could favor the scammers.
According to a research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the U.S., U.K., France, Germany, and Australia rank cybersecurity among the list of their biggest risks.
RansomHouse has been firm about its non-use of ransomware in its exploits despite the group’s name. They also reportedly do not encrypt files they stole from organizations.
Ninety-three percent of cyber decision-makers say public-private partnerships are vital to national defense, but only 34 percent believe they are very effective, according to a study from MeriTalk and RSA Conference.
Researchers reported the high-severity bug in the Microsoft Office productivity suite that, if exploited, runs PowerShell commands using Microsoft Diagnostic Tool just by opening a Word document. It works without elevated privileges, bypasses Windows Defender, and runs binaries or scripts without enabling macros. show more ...
The existence of the backdoor account, tracked as CVE-2020-12501, was discovered by SEC Consult in 2020, but it was only made public now, after a lengthy disclosure process that ended with the vendor saying that the account will not be removed.
Described by Microsoft as a remote code execution flaw in the Microsoft Windows Support Diagnostic Tool (MSDT) and tracked as CVE-2022-30190, it impacts all Windows client and server platforms still receiving security updates.
“Preliminary evidence indicates that an unauthorized, outside entity gained access to a City of Portland email account to conduct this illegal activity,” according to a statement by the city authorities.
Although the Ukrainian Government and other private organizations do maintain official donation mechanisms, people must be cautious and verify information about entities purporting to solicit aid for causes linked to the crisis in Ukraine.
Lookout is expanding its identity protection through its acquisition of SaferPass, a password management company. SaferPass provides secure online identity solutions for both consumers and businesses.
Healthcare has been proven to be a valuable target for cyber threat actors and medical devices are increasingly the targets of malicious cyberattacks, which result not only in data breaches but also in increased healthcare delivery costs.
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues.
Attacks against OT are more difficult to achieve, but the effect is equally more difficult to mitigate. The evolution of cyber extortion makes this more than just a possible development.
Two prominent ransomware groups, Clop and REvil, had claimed to have shut down but there are some activities that suggest cybercriminals may have not gone completely. Clop had an unexpected return with a jump from the least active threat in March to the fourth most active in April. The so-thought-defunct REvil ransomware group claimed responsibility for a recent DDoS attack against a hospitality customer of Akamai.
Researchers reported a wave of DDoS attacks by the Russian Gamaredon APT group. Also, criminals have open-sourced code of a DDoS trojan called LOIC. Besides, experts observed attackers launch multiple attacks, such as phishing campaigns and malware attacks. Organizations are suggested to stay protected and follow agencies such as CERT-UA for recommendations and guidelines.
EnemyBot botnet expanded its attack scope to exploit critical vulnerabilities found in VMware, Android, and F5 BIG-IP. It is suspected to have some strong correlation with the LolFMe botnet in terms of having similar strings, structure, and patterns in the code. The botnet is under active development by its operators. Make sure to update and apply the latest security patches to devices in use.
Researchers have warned against the increased use of free-to-use browser automation frameworks by attackers that can be abused in malicious activities. Researchers observed C2 IP addresses linked with malware such as BlackGuard, Bumblebee, and RedLine Stealer communicating with the subdomain of Bablosoft. show more ...
Ubuntu Security Notice 5456-1 - It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact.
GtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.
This archive contains all of the 142 exploits added to Packet Storm in May, 2022.
Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.
libxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.
The BN_mod_sqrt() function in OpenSSL versions 1.0.2, 1.1.1, and 3.0, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
Ubuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. show more ...
Ubuntu Security Notice 5451-1 - Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user.
Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2022-4860-01 - The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Real Player versions 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from a DCP:// URI remote code execution vulnerability.
Ubuntu Security Notice 5454-2 - USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code.
Real Player versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from external::Import() arbitrary file download and directory traversal vulnerabilities that lead to remote code execution.
The G2 Control component in Real Player version 20.0.8.310 suffer from remote code execution vulnerability.
Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. show more ...
Red Hat Security Advisory 2022-4845-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in recent releases to address other concerns as well.
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in
An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement. <!--adsense--> The "complex
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared
