For the first time in what feels like a long time, the team are fully reunited to discuss this week's topics. They kick things off with news that more and more hospitals are under attack from ransomware. From there, the team discuss a strange story about an MP in Australia who's been handed a lifetime ban on Facebook for letting her account get hacked. After that, the team take a brief hiatus so that Elena Molchanova from our business development team can talk about Security Awareness training – a new offering from Kaspersky to help train staff in cybersecurity compliance. Getting back on track, the team close out the podcast with two related stories about TikTok – the first around growing concerns in the West about the data harvesting that the app performs, and the second a worrying story about how some parents are looking to leverage their children for likes and shares. If you like what you heard, please do consider subscribing.

Stories discussed:
Hacking of US hospitals highlights deadly risk of ransomware
MP faces lifetime Facebook ban after hackers posted porn on page
TikTok has been accused of aggressive data harvesting
TikTok moms are removing videos of their children
We often write about scams promising someone mountains of gold, when in reality the opposite happens and their pockets get emptied. Similarly, cybercriminals can get their hands on the money of entire companies by exploiting the greed and negligence of their employees. That's exactly what happened with the Ronin Network's blockchain system, created by Sky Mavis for the play-to-earn game Axie Infinity. A Sky Mavis employee downloaded a PDF file with spyware hidden inside, resulting in one of the biggest cryptocurrency thefts ever. The company lost 173,600 ETH and 25.5 million USDC (around $540 million at the time of the incident). We discuss the attack in more detail and share tips on how to protect yourself.

A word about Axie Infinity and Ronin Networks

Axie Infinity is an online video game in which players earn cryptocurrency with the help of fantastic creatures known as axies, which can be bred, used in competitions and sold to other players. To players, axies look like cuddly animals, but they are essentially non-fungible tokens (NFTs). Released in 2018, Axie Infinity soon gained a wide audience. At its peak, players could earn so much that for some in South East Asia it became a full-time job. In its record-breaking November 2021, the game had a daily player count of 2.7 million, and revenues last year hit $215 million per week (by the summer of 2022, however, they had dipped to a modest $1 million per week). Payments in the Axie Infinity ecosystem are made using the in-game currency Smooth Love Potion (SLP), based on the Ethereum blockchain. To allow users to buy and sell SLP for regular cryptocurrency conveniently and without high fees, the developers created the Ronin platform. It was this platform that attracted cybercriminal attention.

A juicy offer: how scammers tricked the developers

To get to the platform, the attackers carried out a targeted attack on Sky Mavis employees. They collected information about the company and devised a scam built around a fake job offer with a very attractive salary. The scheme involved sending (most likely on LinkedIn) a tempting job offer to a senior engineer, who should have known better. Having passed all the selection stages with flying colors, the employee, as expected, received the mouth-watering offer in the form of a PDF file. When this file was downloaded, the spyware inside it was released into the company's network.

Spyware in action: withdrawal of funds

The cybercriminals used the malware to gain access to the private keys of network validators, that is, nodes that verify and confirm cryptocurrency transactions. There were nine such validators in Ronin Networks at the time of the attack, and to carry out a transfer, at least five of them had to approve it. Eventually, the attackers managed to compromise four validators at the company itself and a fifth in the decentralized autonomous organization Axie DAO, where it would (and should) not have been, were it not for an oversight on the part of Sky Mavis itself. It turns out that in November 2021, due to the high volume of transactions and load on the validators, the company allowed Axie DAO to approve transfers. After a month, the load decreased, and Axie DAO's assistance was no longer required — but the rights to approve transactions were not withdrawn, which played into the cybercriminals' hands. Having penetrated the Sky Mavis system, the hackers also gained access to Axie DAO, which provided the fifth validator needed to withdraw funds from others' accounts to their own.

The Sky Mavis response

On discovering the attack, Sky Mavis acted responsibly and took steps to beef up security. The company brought in outside security experts from Verichains and CertiK, and conducted a thorough audit of Ronin Networks. Sky Mavis also increased the number of validators to 11, promising to gradually scale up to at least 100. The more validators there are in total, the more of them must be compromised to push through an unauthorized transaction, so increasing their number should, in theory, make such attacks harder. Since the stolen funds actually belonged to Axie Infinity players, Sky Mavis began compensation payments to victims on June 28. For this, the company leveraged both its own resources and $150 million of Binance funding received in early April.

How to stay protected

When planning targeted attacks, cybercriminals carefully study the victim for weak spots. These can be security holes in devices and software, as well as the human factor. The hero of our post was an experienced IT specialist, but even they were duped. To avoid a similar fate and keep hold of your data, money and tokens, stay vigilant and do not neglect security measures.
Do not trust unexpected generous offers, be it your dream job with a huge salary, a prize, an inheritance from some far-flung relative or other heaven-sent goodies.
Avoid downloading files or following links in e-mails and messages from senders you don't know. All the more so if you're on the office network and the files and links are not work-related.
Use a reliable security solution that will prevent malware from running on your device.
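The validator story above has a second lesson beyond the phishing lure: a temporary approval right that is never revoked keeps counting toward the signing threshold. The following Python model is an added example, not code from the Kaspersky post or from Sky Mavis; it uses the 5-of-9 threshold described in the post, a constructed validator set, and made-up names and dates, and shows how four stolen keys plus one lapsed delegation clear the threshold unless delegations carry an enforced expiry.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

THRESHOLD = 5  # approvals needed before a withdrawal executes (5 of 9, as in the post)


@dataclass(frozen=True)
class Validator:
    name: str
    expires: Optional[date] = None  # None = permanent; a date marks a temporary delegation


class Bridge:
    def __init__(self, validators: List[Validator]) -> None:
        self.validators: Dict[str, Validator] = {v.name: v for v in validators}

    def stale_delegations(self, today: date) -> List[str]:
        """Audit check: delegations whose window has closed but were never revoked."""
        return sorted(n for n, v in self.validators.items()
                      if v.expires is not None and v.expires < today)

    def count_approvals(self, approvers: Set[str], today: date, enforce_expiry: bool) -> int:
        """Count approvals from known validators, optionally discarding lapsed delegations."""
        n = 0
        for name in approvers:
            v = self.validators.get(name)
            if v is None:
                continue  # an unknown signer never counts
            if enforce_expiry and v.expires is not None and v.expires < today:
                continue  # lapsed delegation: the oversight described in the post
            n += 1
        return n

    def withdrawal_allowed(self, approvers: Set[str], today: date, enforce_expiry: bool = True) -> bool:
        return self.count_approvals(approvers, today, enforce_expiry) >= THRESHOLD


def build_constructed_bridge() -> Bridge:
    # Constructed set: eight permanent validators plus one delegated approval right
    # granted to an external DAO for a load spike; the expiry date is made up.
    core = [Validator(f"validator-{i}") for i in range(1, 9)]
    return Bridge(core + [Validator("dao-delegate", expires=date(2021, 12, 31))])


def demo() -> Tuple[bool, bool, List[str]]:
    bridge = build_constructed_bridge()
    attack_day = date(2022, 3, 1)  # constructed date, after the delegation lapsed
    # Attacker holds four permanent validator keys plus the delegate's key.
    stolen = {"validator-1", "validator-2", "validator-3", "validator-4", "dao-delegate"}
    unchecked = bridge.withdrawal_allowed(stolen, attack_day, enforce_expiry=False)
    checked = bridge.withdrawal_allowed(stolen, attack_day, enforce_expiry=True)
    return unchecked, checked, bridge.stale_delegations(attack_day)
```

Running `demo()` returns `(True, False, ['dao-delegate'])`: the same five keys succeed when expiry is ignored and fail when it is enforced, and the audit check names the delegation that should have been revoked.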
Researchers on Thursday found another way hackers are getting into user inboxes: creating fake invoices in PayPal, and using the legitimacy of the site to get into the inbox.
China's cyberspace regulator fined Didi Global just over 8 billion yuan ($1.2 billion) on Thursday for violating cybersecurity and data laws, putting an end to a yearlong investigation into the ride-hailing giant.
To secure an OSS bucket, a user has to set up a proper access policy. If this is done incorrectly, a malicious user can upload or download a user’s files to or from the bucket itself.
The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold – a specific number of failed logon attempts – after which a user account will be locked.
The flaw, which was fixed by Google on July 4, 2022, is a heap buffer overflow in the Web Real-Time Communications (WebRTC) component; it is the fourth zero-day patched by Google in 2022.
A dark web ransomware forum ad has listed a new ransomware family, dubbed Luna, that can encrypt multiple platforms, including Windows, Linux, and ESXi systems. Luna is simple ransomware that is still in development and has limited capabilities. Stay tuned for more updates on Luna with daily threat intel.
Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the flaw to log into unpatched servers.
Microsoft Office flaws allow system infection, command execution, and malware distribution, including Cobalt Strike. Although security updates are available for these vulnerabilities, they still top the list of most exploited flaws.
Researchers with Censys, a firm that indexes devices connected to the internet, said Thursday they’ve found what appears to be a ransomware command and control network capable of launching attacks, including one host located in the U.S.
Local governments in New York will receive resources and assistance to counteract ransomware and other cyberattacks under a shared services program launched by the state on Thursday, Gov. Kathy Hochul's office announced.
This acquisition reinforces Applus+'s capacity to meet the increasing demand for cybersecurity services for products and systems, driven by the Internet of Things (IoT).
According to a new report by HP Wolf Security, the price of cyber criminality is tumbling, with 76% of malware advertisements, and 91% of exploits, found to retail for under $10.
As the convergence of IT and OT continues, the risk of cyber threats will continue to rise along with it. Building a collaborative security team across both IT and OT will help to reduce organizational risk and fortify critical infrastructure.
NIST’s new draft publication is designed to help the healthcare industry maintain the confidentiality, integrity, and availability of electronic protected health information, or ePHI.
Not only did the breach harm the finances and reputation of Kronos itself, but it did significant harm to all the businesses and organizations that relied on Kronos as a third-party vendor.
Since WebAssembly code is in a binary format and runs very efficiently, it increases the ROI for cryptojacking attackers and makes it harder for conventional antivirus scanners to detect and analyze.
The security flaw, tracked as CVE-2022-31107, affects versions from 5.3 up to the patched releases 9.0.3, 8.5.9, 8.4.10, and 8.3.10, in which Grafana has fixed it.
Patches for these vulnerabilities are included in Drupal 9.4.3 and 9.3.19. The information disclosure flaw also impacts Drupal 7 and a fix has been included in version 7.91.
Kiran Ahuja, director of the Office of Personnel Management, told lawmakers on Thursday that her agency wants “to work with Congress to develop a government-wide cyber workforce plan that puts agencies on equal footing in competing for cyber talent.”
Several business associations have warned their members against this fraud after PSPCL issued a public notice regarding the same. Businessmen are also demanding that authorities take strict action against the people running this scam.
First on the list is CVE-2022-2030, an authenticated directory traversal vulnerability in the Common Gateway Interface (CGI) programs of some Zyxel firewalls. It is caused by specific character sequences within an improperly sanitized URL.
Settlements in class action lawsuits filed in the aftermath of two separate major breaches serve as the latest examples of threats and risks involving email hacks - as well as underlining the threat of litigation in the wake of such incidents.
The threat actor entry point was a system belonging to Costa Rica’s Ministry of Finance, to which a member of the group referred to as ‘MemberX’ gained access over a VPN connection using compromised credentials.
SonicWall has published a cybersecurity advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products.
Tracked as CVE-2022-26136, the first of the flaws could allow a remote, unauthenticated attacker to send specially crafted HTTP requests and authenticate to third-party apps, or to launch an XSS attack, to execute JavaScript code in a user’s browser.
Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.
Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-5 - tvOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.
Apple Security Advisory 2022-07-20-3 - macOS Big Sur 11.6.8 addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.
Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk,"
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed
Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," the company said in an update on July
Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes as an "improper neutralization of special elements" used in