Kaspersky experts have studied the WinDealer malware used by the LuoYu APT group. The most interesting finding is that the attackers have apparently mastered the man-on-the-side attack method and are successfully using it both to deliver malware and to control already infected computers.

What is a man-on-the-side attack and how do WinDealer's operators use it?

A man-on-the-side attack implies that the attacker has some control over the communication channel: enough to read the traffic and inject arbitrary messages into a normal data exchange. Here is an example: attackers may intercept an update request from a completely legitimate application and swap the update file for a weaponized one. Apparently, this is how WinDealer is distributed. A similar trick is used to issue commands to the malware on an infected computer. To make it harder for security researchers to find the C&C server, the malware does not contain its exact address. Instead, it tries to access a random IP address from a certain range; the attackers then intercept the request and respond to it. In some cases, WinDealer tries to access an address that cannot exist at all, but thanks to the man-on-the-side method, it still receives a response. According to our experts, to use this trick successfully the attackers need constant access to the routers of the entire subnet, or to some advanced tools at the internet provider level.

Who are WinDealer's targets?

The vast majority of WinDealer's targets are located in China: foreign diplomatic organizations, members of the academic community, and companies involved in the defense, logistics or telecommunications business. However, the LuoYu APT group sometimes also infects targets in other countries: Germany, Austria, the United States, the Czech Republic, Russia and India. In recent months, they have also become more interested in other East Asian countries and their Chinese branches.

What WinDealer is capable of

A detailed technical analysis of both the malware itself and its delivery mechanism can be found in a post on the Securelist blog. In short, WinDealer has the functionality of modern spyware. It can:

- Manipulate files and the file system (open, write and delete files, collect data about directories and disks);
- Collect information about hardware, network configuration, processes, keyboard layout and installed applications;
- Download and upload arbitrary files;
- Execute arbitrary commands;
- Search through text files and MS Office documents;
- Take screenshots;
- Scan the local network;
- Act as a backdoor;
- Collect data about available Wi-Fi networks (at least one of the variants found by our experts is capable of this).

How to stay safe

Unfortunately, man-on-the-side attacks are extremely difficult to protect against at the network level. In theory, a constant VPN connection can help, but it is not always available. Therefore, to rule out spyware infection, every device with internet access needs a reliable security solution. In addition, EDR-class solutions can help detect anomalies and stop the attack at an early stage.
A new Atlassian Confluence zero-day, tracked as CVE-2022-26134, is being exploited in the wild to achieve remote code execution and deploy webshells. CISA has added the flaw to its Known Exploited Vulnerabilities Catalog and is urging federal agencies to block all internet traffic to their Confluence servers. No patch was available at the time of writing; Atlassian has so far only suggested interim workarounds.
Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084, another security flaw the Australian software company patched in August 2021. Both are cases of Object-Graph Navigation Language (OGNL) injection.
Kaspersky discovered that WinDealer, deployed by the Chinese-speaking threat actor LuoYu, has been delivered through man-on-the-side attacks. Once deployed, WinDealer allows the attackers to search for and steal large amounts of data from targeted Windows systems. The group targets almost all platforms, including Windows, macOS, Linux, and Android.
The hacker set up a phishing site impersonating the official BAYC site, claiming that BAYC, MAYC, and OthersideMeta holders could claim a free NFT for a short period of time.
The Anonymous hacktivists collective has struck Russia again by leaking approximately 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).
Apple said this week that its App Store App Review team blocked more than 343,000 iOS apps for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spam iOS users.
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S.
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. The group began selling allegedly stolen data on its Tor extortion marketplace for $500,000 in bitcoin.
On Thursday, the AlphV ransomware gang added the city to its list of victims. City officials initially confirmed the cyberattack to local news outlet KALB, telling reporters that the city had been "notified of a possible systems breach."
DeadBolt is peculiar not only for the scale of its attacks but also for several advanced tactics and techniques that its malicious actors have implemented, such as giving multiple payment options, one for the user and two for the vendor.
On Monday, KELA published its Ransomware victims and network access sales report (PDF), suggesting that the number of significant ransomware victims dropped by approximately 40%, recorded as 698 in Q1 compared to Q4 2021's 982.
First, the ransomware attempts to read the file into memory using File.ReadAllBytes(). This function has an internal limit of 2 GB; if the file is larger, it throws an exception, which is then handled by the try-catch block.
Digital risk protection company CloudSEK observed an increase in the number of phishing campaigns that combine services for reverse tunneling and URL shortening for evasion.
On Ukraine’s battlefields, the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.
Although 90% of cloud apps run on Linux, not much is being done to protect them from malware. Ransomware gangs and cryptomining attackers have put their sights on Linux environments.
The exposed information included full names, email addresses, and phone numbers, along with credit card information, transaction and purchased meals details, and login information stored in plain text.
Russia’s Ministry of Construction, Housing, and Utilities website has been reportedly hacked, with an internet search for the site leading to a “Glory to Ukraine” sign in Ukrainian.
It is impossible to communicate or request any publicly available service that relies on digital systems, and all citizens have to use obsolete fax machines to reach public offices.
The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS).
Gloucester City Council’s IT systems are still not fully operational almost six months after it was targeted by Russian hackers. The authority acknowledged its servers were compromised on December 20 last year.
The increase in cybersecurity incidents in Brazil has led to soaring demand for insurance for risks in that area, according to numbers from the National Confederation of Insurers (CNseg).
In 2019, the U.S. Treasury sanctioned 17 individuals and seven entities tied to Evil Corp's cyber operations for causing financial losses of more than $100 million with the Dridex malware.
SMSFactory has already targeted more than 165,000 Avast customers from May 2021 to May 2022. Most of the victims were located in Brazil, Ukraine, Argentina, Russia, and Turkey. The main goal is to send premium texts and make calls to premium phone numbers. However, the malware can steal the contact lists on infected devices as a further distribution method for the threat.
Microsoft Digital Crimes Unit (DCU) has successfully dismantled a spear-phishing operation associated with an Iranian threat actor, named Bohrium, that targeted customers in the Middle East, the U.S., and India.
In July 2017, a global law enforcement sting called Operation Bayonet took down AlphaBay’s sprawling marketplace, seizing the site’s central server in Lithuania and arresting its creator, Alexandre Cazes, outside his home in Bangkok.
The group targets misconfigured Docker Engine API endpoints: hosts with port 2375 open, which in the daemon's default settings exposes the API with no authentication. It then lists or modifies containers and runs arbitrary shell commands.
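The misconfiguration being hunted here is a dockerd TCP listener with no TLS client authentication, which hands full control of the daemon (and therefore root on the host) to anyone who can reach the port. The following is an added example, not code from any researcher, vendor or project named on this page: it audits a daemon.json for that mistake and shows a weak configuration beside a hardened one. Both configurations are constructed, and the certificate paths are placeholders.

```python
"""Audit a dockerd daemon.json for an API listener exposed over plain TCP.

Added example; not from any project named on the page. Both configs are
constructed and the certificate paths are placeholders.
"""
import json

# Constructed: the classic mistake. A tcp:// host with no TLS means anyone
# who can reach port 2375 can run `docker run --privileged` on this box.
WEAK_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: listener bound to one interface, client certificates required.
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",       # placeholder path
    "tlscert": "/etc/docker/server-cert.pem",  # placeholder path
    "tlskey": "/etc/docker/server-key.pem",    # placeholder path
})

ALL_INTERFACES = ("", "0.0.0.0", "[::]", "::")


def _bind_address(tcp_host):
    """'tcp://0.0.0.0:2375' -> '0.0.0.0'; 'tcp://:2375' -> ''."""
    hostport = tcp_host[len("tcp://"):]
    return hostport.rsplit(":", 1)[0] if ":" in hostport else hostport


def audit_daemon_json(text):
    """Return a list of findings; an empty list means no TCP exposure issue."""
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: nothing reachable over the network

    if not cfg.get("tlsverify"):
        for host in tcp_hosts:
            findings.append(
                f"{host}: TCP listener without tlsverify; any client that "
                "can reach it controls the daemon and the host")

    for host in tcp_hosts:
        if _bind_address(host) in ALL_INTERFACES:
            findings.append(f"{host}: bound to all interfaces")

    if cfg.get("tlsverify") and not all(
            k in cfg for k in ("tlscacert", "tlscert", "tlskey")):
        findings.append("tlsverify is set but tlscacert/tlscert/tlskey are "
                        "missing; dockerd will refuse to start or fall back")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_json(cfg) or "OK")
```

One caveat a practitioner will hit: on systemd-based distributions the unit file often passes `-H fd://` on the dockerd command line, and dockerd refuses to start when `hosts` is set in both places, so the listener may be defined in a drop-in unit rather than in daemon.json. Audit both. The hardened configuration also moves the port to 2376, the conventional port for the TLS-protected API, but the port number is not what protects it; `tlsverify` is.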
A chained, zero-day exploit could potentially expose all user data in the backend of the companion mobile application for a popular smart weight scale, security researchers have claimed.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax, and notifies you when these rules are violated. You can think of Falco as a mix between Snort, OSSEC and strace.
Poly Studio X30, Studio X50, Studio X70, and G7500 versions 3.4.0-292042, 3.5.0-344025, and 3.6.0 suffer from an authenticated command injection vulnerability.
Poly EagleEye Director II version 2.2.1.1 suffers from multiple authenticated remote command injection vulnerabilities as well as an authentication bypass vulnerability.
Korenix JetPort 5601V3 with firmware version 1.0 ships with default backdoor accounts. The vendor will not address the issue, claiming the secret cannot be cracked in a reasonable amount of time.
Red Hat Security Advisory 2022-4899-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.
Red Hat Security Advisory 2022-4887-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-4890-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-4892-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-4896-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-4888-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Issues addressed include a buffer overflow vulnerability.
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages
Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake
The "shifting (security) left" approach in the Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfectly and is riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back to fix and patch, they understood that building secure software requires incorporating and
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing (NGS) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System (CVSS), with two others having severity ratings of 9.1 and 7.4. The issues
10 of the most prolific mobile banking trojans have set their sights on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as
Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion in the last year by policing its official App Store. According to a newly published report by Apple, over 1.6 million risky and untrustworthy apps and app updates were stopped in their tracks due to the company's fraud prevention analysis. Read more in my article on the Tripwire State of Security blog.