IoT devices have long been an integral part of the technological and production processes of many modern companies. They are used in industrial facilities, in smart buildings, and in everyday office life. However, their safety has always raised concerns. Especially considering that many devices require access to show more ...
Researchers disclosed that NightLion hackers have been on a data-wiping mission and it is fraudulently claiming that Night Lion security company and Shadow Byte are behind the act. Hackers have been trying to exact virtual revenge on Vinny Troia, a security researcher, pentester, and owner of Night Lion Security and Shadowbyte, ever since he published a book revealing secrets of The Dark Overlord.
“We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway,” the Ministry of Defence Press Office said on Twitter. “The Army takes information security extremely seriously and is resolving the issue.”
A threat actor infiltrated the networks of building automation systems of several Asian organizations by exploiting the Proxylogon flaw in Microsoft Exchange. Last year, the Dutch Institute for Vulnerability Disclosure reported around 46,000 unpatched servers against the ProxyLogon flaw last year. Encrypting show more ...
A joint advisory warned against threat actors ramping up attacks against unpatched Log4Shell vulnerability in VMware and UAG servers. APT groups moving laterally throughout the network could get access to a disaster recovery network. In case of a potential compromise is detected, administrators should apply the incident response recommendations without fail.
Microsoft patched a container escape bug known as FabricScape in the Service Fabric application hosting platform, which could let adversaries compromise the SF Linux cluster. Tracked as CVE-2022-30137, FabricScape works only on containers configured to have runtime access. Thankfully, there is no evidence so far that FabricScape has been exploited in real-world attacks.
The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols.
HackerOne says an employee stole vulnerability disclosure reports submitted via its platform so they could (at least attempt to) claim the bounty from the company's partners for themselves.
Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.
China-based Dragonbridge hacker group launched influence campaigns against rare earth mining companies in the USA and Australia via thousands of fake social media accounts. The Chinese threat actors claim that the building of a rare earth processing facility in Texas would expose the local population to radioactive show more ...
The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.
The flaw is a Windows LSA Spoofing vulnerability actively exploited in the wild. The vulnerability can be exploited by an unauthenticated attacker to force a domain controller to authenticate against another server using NTLM.
Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.
Avast security researchers have discovered a server on Discord where a group of minors is involved in developing, upgrading, marketing, and selling malware and ransomware strains on the platform, supposedly to earn pocket money.
Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.
Professor Edward Burke made the comment following the report of High Court judge Charles Meenan, who supervises the interception of phone calls and post, and access to traffic data on private communications.
The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file.
Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post.
A new Revive banking trojan was found targeting users of BBVA, a Spanish financial services company. Revive follows a more focused approach - the bank and not customers as its prime targets. While the malware is in its early developmental stages, it is designed for persistent campaigns. Training employees and using the right cybersecurity tools is the need of the hour to protect against banking Trojans like Revive.
As it is not easy to gain a blue badge, threats of suspension can lead to people reacting without thinking, making them prime targets for threat actors who value these types of accounts for their own scams.
The Cyber Police of Ukraine apprehended nine members of a criminal gang that used hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict.
A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.
Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued that squash the vulnerability.
As of May 2022, the operators of the ransomware are heavily relying on vulnerabilities in Remote Desktop Protocol (RDP) endpoints to access victims’ networks.
Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Ubuntu Security Notice 5501-1 - It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 5500-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Lin Ma discovered that the NFC Controller Interface show more ...
Ubuntu Security Notice 5493-2 - It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 5485-2 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on show more ...
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
This script is a great tool for pentesters needing to create reverse shells using either bash or netcat.
Lockbit ransomware version 3.0 apparently now requires a password to execute as noted by "@vxunderground", but does not properly check bounds for both the -pass and -k arguments. Supplying a long string of characters for either flag will trigger a unicode stack buffer overflow overwriting the ECX register and structured exception handler (SEH).
DouPHP version 1.2 Release 20141027 suffers from a remote SQL injection vulnerability.
Paymoney version 3.3 suffers from a cross site scripting vulnerability.
Stock Management System 2020 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the
The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict. "Criminals created more than 400 phishing links to obtain bank card data of citizens and
Gardeners know that worms are good. Cybersecurity professionals know that worms are bad. Very bad. In fact, worms are literally the most devasting force for evil known to the computing world. The MyDoom worm holds the dubious position of most costly computer malware ever – responsible for some $52 billion in damage. In second place… Sobig, another worm. It turns out, however, that there are
Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers on Sunday. Read more in my article on the Hot for Security blog.
