Lets face it. We all love Twitter, no matter how much we get mad with the platform or its direction. Well, it seems that the future owner of the platform, Elon Musk, has his own issues. In the opening of this weeks episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Jag and I dive into Elons battle with show more ...
Some of the vulnerabilities added by CISA to its Must Patch list were discovered more than a decade ago and for some flaws there do not appear to be any public reports describing malicious exploitation.
Malwarebytes researchers identified a malvertising campaign leading to a fake Firefox update. The template is strongly inspired from similar schemes and in particular the one distributed by the FakeUpdates (SocGholish) threat actors.
While it is unknown how the campaign initially started, PIXM states victims arrived at phishing landing pages from a series of redirects originating from Facebook Messenger.
Considering the wide wording of the Direction, it is likely to be applicable to almost each and every type of business operating within India. The Direction will be effective from June 28, 2022.
CISA Director Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies.
According to a blockchain researcher who goes by Foudres, the hacker stole around 1,650,000 EGLD, the native token of the Elrond blockchain, with around $113 million at the time of the hack.
Effective use of new-age technologies like artificial intelligence, machine learning, and blockchain can help prevent cyber frauds and make ecosystems safe and secure for individuals and businesses.
As the auto industry enters an era where cars are increasingly relying on the internet to operate, some experts say that the shift to autonomy may pose greater cybersecurity risks if potential hackers target software vulnerabilities.
Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs.
Cybersecurity researchers have taken the wraps off what they call a new "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems.
SVCReady, a previously undocumented malware, is being propagated via a new series of phishing attacks via emails containing VBA macros. The malware supports anti-analysis features, information exfiltration, encrypted C2 communications, and persistence. SVCReady is believed to be in an early development stage that could become a prominent threat in the future.
A cyberattack on a hospital in Tokushima Prefecture in October occurred after a company disabled anti-virus software on the hospital's computers, according to a report published on June 7.
Researchers analyzed 75 websites from the Alexa top 150 websites and discovered that 35 of them were prone to at least one of the five attack methods falling under the umbrella of account pre-hijacking.
SMSranger is a Telegram-based bot. It seems very popular amongst cybercriminals, and provides services in the United Kingdom, France, Spain, Germany, Italy, and Colombia, according to Cyble.
The Alpharetta, Georgia-based company offers cloud-based cybersecurity, compliance, and fraud solutions that help banks ensure they can maintain a good cybersecurity posture.
The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to Proofpoint.
Recent analysis of ransomware attack trends by Akamai highlights the risks and suggest mitigation, while an analysis of Web app and API attack trends offers a fresh look at the infection vectors used by ransomware operators and others.
Both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups.
With the 2022 election season around the corner, campaigns of all sizes need to be prepared for a widened set of potential cybersecurity risks, experts and a top intelligence official said.
The team of IT security researchers at vpnMentor led by Noam Rotem identified a misconfigured Microsoft Azure server that exposed the personal and educational records of tens of thousands of students from India and Israel.
The threat actor has a history of using document lures with pornographic themes to infect users and makes heavy use of USB shortcut techniques to spread the malware and infect additional targets.
Congressional exasperation with the slow pace of agencies deploying MFA emerged at a House hearing last month. The May executive order had “aggressive but achievable” deadlines, a White House official said last year.
Researchers have identified an increase in activity by a new hacktivist group called Cyber Spetsnaz that has been targeting NATO infrastructure. In April, Cyber Spetsnaz created its first division called Zarya, with a bunch of experienced penetration testers, OSINT specialists, and hackers. The group is strongly believed to be state-sponsored.
Recently, Onapsis researchers detected exploitation activity related to three vulnerabilities that were already patched by SAP - CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388.
Current phishing emails run the gamut from airline ticket giveaways, gift cards, and offers of bonus flight hours to booking confirmations and bargain offers for holiday rentals and all-inclusive deals.
Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private show more ...
Ubuntu Security Notice 5472-1 - It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. It was discovered that show more ...
Red Hat Security Advisory 2022-4940-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4959-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP10.
Red Hat Security Advisory 2022-4941-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Red Hat Security Advisory 2022-4957-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP10.
Red Hat Security Advisory 2022-4942-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 5474-1 - It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request within the same connection. A remote attacker could possibly use this issue to obtain sensitive information. It was discovered that Varnish Cache could have an show more ...
Ubuntu Security Notice 5396-2 - USN-5396-1 addressed a vulnerability in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, show more ...
Ubuntu Security Notice 5473-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle.
Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, which
Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.
Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost
A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices,"
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before
An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks. Read more in my article on the Hot for Security blog.
Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.
