Folks today are generally aware that clicking links from questionable sources, for example in e-mails, isn't a good idea. However, when it comes to scanning QR codes, people are often much less vigilant. In fact, QR codes can be even more dangerous: while you can check a link with your own eyes before clicking, that's not the case with a QR code. So perhaps this story about a phishing QR-code attack in China shouldn't come as a surprise.

What happened?

The other day it was reported that unknown cybercriminals distributed phishing QR codes offering free game logins, which they then used to hijack accounts on the QQ messaging and social media platform. While largely unknown outside China, QQ is a HUGE deal there, with hundreds of millions of active users. The platform provides all kinds of services, including chatting, watching movies, blogging, and gaming — the latter being the relevant one in this case. It's developed by Chinese tech giant Tencent.

Due to regional specifics, it's difficult to tell exactly how the attack began or how many accounts were stolen. However, the incident was large enough for Tencent to publicly apologize in a post on Sina Weibo — the Chinese version of Twitter.

The mechanics of the attack are more or less clear. As mentioned above, attackers spread malicious QR codes offering free game logins. After scanning such a QR code, users were asked to authenticate with their QQ account. Once they did, the attackers stole the victims' credentials and used them for their own gain. As a result, an unknown number of people were locked out of their QQ accounts. Tencent is aware of the issue and has since restored the affected accounts. The company is working with the local authorities to find out more about the attack.

Protect yourself

Although this case mainly affected greater China, the threat of malicious QR codes should not be underestimated — especially since QR codes have become so ubiquitous in recent years, mainly thanks to COVID. To be on the safe side, when scanning QR codes, use our Kaspersky QR Scanner (available for both Android and iOS). The app will tell you if the code points to a dangerous site.
Users are encouraged to update these affected products as soon as possible: Robustel R1510, version 3.3.0. Talos tested and confirmed this version of the router could be exploited by these vulnerabilities.
By chaining this series of attacks, attackers could take over any account in the system that uses Google authentication as its login type, which applies to a very large number of users in the system.
On Monday, the relatively new Yanluowang ransomware operation published an entry to their data leak site claiming that they breached the retailer and encrypted between 40,000 and 50,000 devices.
Google has added API security tools and admin alerts to its Workspace (formerly G-Suite) to flag potentially risky configuration changes, such as super admin password resets.
The Hive ransomware operation has been active since June 2021. It operates as Ransomware-as-a-Service and adopts a double-extortion model, threatening to publish data stolen from victims on its leak site (HiveLeaks).
Wearable authentication solutions provider Token this week announced that it has raised $13 million in Series B funding led by Grand Oaks Capital. To date, the company has raised $22.9 million.
The vulnerabilities described include: cross-site scripting (XSS); passwords, API keys, secrets, and tokens stored in plaintext; cross-site request forgery (CSRF); and missing and incorrect permission checks.
A group of security researchers from Abuse.ch and ThreatFox launched a new hub for scanning and hunting files. Dubbed YARAify, the defensive tool is designed to scan suspicious files against a large repository of YARA rules.
According to Ukraine's State Service of Special Communications and Information Protection (SSSCIP), the country's networks have been under a constant barrage of hacking attempts since the war started.
The man is said to have made tens of millions of dollars as a result of his cybercriminal activities. As part of his plea deal, he has agreed to forfeit more than $20 million and pay restitution to victims.
In addition, data was exposed on several other online dashboards provided by the state, including the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards.
In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and other high-risk users.
Security researchers from CloudSEK have spotted a new exploit from hacktivist group DragonForce Malaysia capable of performing Windows servers’ local privilege escalation (LPE) and local distribution router (LDR) actions on Indian servers.
The new head of Israel's National Cyber Directorate (INCD) has announced the nation intends to build a "Cyber-Dome" – a national defense system to fend off digital attacks.
Publishers Weekly first reported on the incident, seeing emails from Macmillan that stated they suffered a "security incident, which involves the encryption of certain files on our network."
Bumblebee has been linked to ransomware operations by Conti, Quantum, and Mountlocker, which signifies that the malware is now at the forefront of the ransomware ecosystem.
The campaign uses macro-laden documents that have varying filenames, containing the term ‘compliance’. At least nine such documents have been identified.
Microsoft explains in a blog post that WAP fraud malware on Android is capable of targeting users of specific network operators and uses dynamic code loading -- a method for hiding malicious behavior.
The Series A funding round, which brings total capital raised to more than $16 million, was led by StepStone Group with participation from Fika Ventures, Freestyle and Mucker Capital.
The security issue, which has been rated as critical, has been discovered in all versions of GitLab, starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1.
Before deploying the ransomware, operators infiltrate and move laterally across the entire network, performing a full-fledged RansomOps attack. Similar to other groups, Black Basta employs the double extortion tactic.
Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the file GET parameter of the logdownload.cgi bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function, the result of having copy-pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.
The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.
Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5481-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.
Red Hat Security Advisory 2022-5475-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5257-01 - libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Issues addressed include format string and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-5439-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5249-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5251-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2022-5479-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5476-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5263-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-5482-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5242-01 - Vim is an updated and improved version of the vi editor. Issues addressed include buffer over-read, buffer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5474-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5250-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2022-5252-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include an out of bounds read vulnerability.
Ubuntu Security Notice 5499-1 - Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack.
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads
Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others,
A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out.

A forest full of fragile trees

So, where do you even start?
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to automatically
Members of the LGBTQ+ community have been warned to be on their guard against extortionists who may attempt to prey on them via online dating apps such as Grindr and Feeld. Read more in my article on the Hot for Security blog.
Semiconductor giant AMD says that it is investigating what claims to be a major data breach of its network, that saw a group of online criminals steal 450GB of data from its systems. Read more in my article on the Hot for Security blog.