For a second-straight week, we have a short-handed booth for the Kaspersky Transatlantic Cable podcast. With Ahmed and Dave off, Jag and I share the mic for the first time as a duo. To kick things off, we discuss how the Lazarus group turned a fake job offer into a $600M hack into Axie Infinity. From there, we head show more ...
Online fraudsters are continuing to use the names of famous people and companies to scam cryptocurrency users. This time the scammers are exploiting the brand name Nvidia, the US developer of GPUs that are particularly popular among crypto enthusiasts. Many devices for cryptocurrency mining were created on the basis show more ...
A callback phishing campaign is impersonating renowned cybersecurity organizations, revealed CrowdStrike. Adversaries then inform their clients about a fake network breach in their system and urge the recipients to call a particular number. Organizations are advised to always stay vigilant and contact cybersecurity firms via their official website.
The Smoke Bot software contains a large number of features that make it easy for the attacker to install and maintain persistent processes, perform DDoS attacks on various resources, and mine for Monero (XMR).
DDoS operations in the region have skyrocketed over the last five months, and are increasingly targeting commercial interests, but analysts say their impact on the battlefield has been negligible.
The targeting apparently came in the form of a Distributed Denial of Service (DDoS) attack, during which website servers are overwhelmed by near-simultaneous requests to connect.
Security researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which can be exploited to take over unmanned vehicles.
The university and the CIA have entered an agreement to study how artificial intelligence and machine learning applications (AIML) can be used to detect and deter malicious agents that infiltrate computer networks.
The malware, named 'Autolycos,' was discovered by Evina's security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of reporting.
The Irish Data Protection Commission (DPC), TikTok’s lead privacy regulator for the European Union’s General Data Protection Regulation (GDPR), said the “pause” follows “engagement” between the oversight office and the tech giant yesterday.
CISA has given government agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.
Windows 7 went out of support in 2020, but Microsoft recognized that many enterprises were quite happy where they were. For a fee, it made Extended Security Updates (ESU) available, which would at least deal with security patches.
On July 10, Deakin University became aware of an incident in which a staff member’s username and password were hacked and used by an unauthorized person to access information held by a third-party provider.
The Department of Homeland Security Science & Technology Directorate wants to encourage tech companies to develop automated software bill of materials tools offering more visibility into supply chains.
The company released the technical details for the security issue, tracked as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.
The attack starts with a spear phishing email with a geo-political theme. The spear phishing emails were themed around the India-Afghanistan relationship. The attacker used politics as a lure to trick users into clicking on a malicious link.
X.org has released a bunch of updates, including fixes for two security holes, which affects Wayland users too. A batch of updates to X.org's suite of X11 servers and components just appeared.
Attack chains documented by Cisco Talos involve delivering a maldoc to the targets either as an attachment or a link to a remote location via a spear-phishing email, ultimately leading to the deployment of CrimsonRAT.
The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization.
Upon execution, Lilith attempts to terminate processes that match entries on a hardcoded list, including Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and more.
The new measures involve promoting cyber resilience among small- and medium-sized enterprises. That would apply to "critical infrastructure," businesses involved in transport, food, health, energy, and water supply.
The phishing kit leads users through a set of pages aimed at collecting information that can later be used to steal the victims’ identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more.
Google Play Protect on Android now detects and disables previously downloaded versions of the fake WhatsApp apps, and the Google Play store shouldn’t experience any threat from these apps.
Most critical services companies are struggling to secure their industrial internet of things (IIoT)/operational technology (OT) systems and acknowledge the need to invest more heavily in these areas, said a report from Barracuda Networks.
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operation. The latest decryptor tackles Hive's newer, better-encrypted version.
The largest chunk of cybersecurity spending, $11.2 billion, would go to the Defense Department, followed by $2.9 billion for the Cybersecurity and Infrastructure Security Agency, or CISA.
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day.
The Series B funding brings the total raised by the Phoenix, Arizona-based Bishop Fox to $100 million and underscores a surge in big bets by venture capital investors on the fast-growing continuous attack surface management category.
The gang has launched several high-profile attacks, including OilTanking GmbH in January and Swissport in February. Most recently, BlackCat targeted Florida International University and the University of North Carolina A&T.
Russia-based Killnet group has been bombarding Latvia with a series of cyberattacks, including a 12-hour attack on one of its broadcasting centers. Hackers made a demand that Lithuania must allow transit of goods to Kaliningrad if they wanted to avoid more attacks on their government institutions and private businesses.
Malicious actors are leveraging GitHub Actions (GHA) and Azure virtual machines (VMs) for cloud-based cryptocurrency mining. Over 1,000 repositories and 550 code samples were spotted abusing GitHub Actions to mine cryptocurrency. Due to this, the cost of electricity to the target organization increased from $20 up to show more ...
Ubuntu Security Notice 5519-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 5520-1 - It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Ubuntu Security Notice 5518-1 - It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Marvell show more ...
Ubuntu Security Notice 5517-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5516-1 - It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution.
Ubuntu Security Notice 5515-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Jann Horn discovered that the FUSE file system in show more ...
Ubuntu Security Notice 5514-1 - It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service. Duoming Zhou show more ...
Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth show more ...
Ubuntu Security Notice 5473-2 - USN-5473-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 ESM. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle.
Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
PrestaShop version 1.7.6.7 suffers from a cross site scripting vulnerability via the file upload functionality.
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News.
Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated
Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to
A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and show more ...
Turn on a PC running Microsoft Windows 8.1 and you're likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and - critically - will no longer be receiving any security updates.
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.
Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! IT and DevOps teams were presented with new challenges with the mass-migration to home working, and found themselves forced to perform infrastructure monitoring and management remotely. show more ...
