Our researchers examined a new version of the CosmicStrand rootkit, which they found in modified UEFI (Unified Extensible Firmware Interface) firmware — the code that loads first and initiates the OS boot process when the computer is turned on. The danger of UEFI malware Since UEFI firmware is embedded in a chip on show more ...
An urgent advisory from PrestaShop warned that hackers are exploiting a "combination of known and unknown security vulnerabilities" to inject malicious code on e-commerce sites running the PrestaShop software.
The UK’s National Cyber Security Centre (NCSC) has unveiled proposals to establish a new Cyber Advisor service for small and medium-sized enterprises (SMEs) and is asking for the security community’s input to help make it a success.
Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by the Chinese firm Qihoo360 in 2017.
Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind.
The feature, which follows the company's decision to resume blocking of Visual Basic Application (VBA) macros for Office documents, is also expected to be backported to older versions of Windows and Windows Server.
Inside the Hive group, there is surely a high-profile development team, with deep knowledge of programming in both newer and older languages as it wrote first versions of the encryptor in Golang and then switched to Rust starting from the v5 version.
The Biden administration late last week issued guidance that laid out the cybersecurity funding priorities that federal agencies should adhere to for the upcoming fiscal year 2024 budget cycle.
Delhi Police has advised people against sharing personal details to such suspicious messages. It informed that MTNL does not carry out KYC verification over WhatsApp. It further cautioned against clicking on unverified links and downloading any apps.
The attack exploits a section of the Grails data-binding logic, which is invoked in a number of ways including the creation of command objects, domain class construction, and manual data binding when using bindData.
Members of the public have been warned not to give away any credit card information and personal details to fraudsters posing as charity platform Giving.sg after a spate of phishing emails were flagged.
While Israel traditionally sticks to ambiguous responses, these latest examples and others suggest that may be changing. Iran also broke its silence and chose to publicly discuss some of these incidents.
The threat actor reaches out to employees on LinkedIn who could have Facebook business account access, for example, people listed as working in “digital media” and “digital marketing” as their roles.
The TSA says the new rules, which have been developed based on the feedback received from the industry, focus on “performance-based – rather than prescriptive – measures to achieve critical cybersecurity outcomes.”
Security researchers at Intel 471 have discovered several information stealers that are freely available for download that rely on Discord or Telegram for their functionality.
Launched in July 2016, No More Ransom is an online portal and a public-private partnership created by law enforcement (Europol and the Dutch National Police) and IT security companies (Kaspersky and McAffee).
TA4563 is once again targeting European financial and investment entities, especially those involved with cryptocurrency, foreign exchanges, and DeFi, with the Evilnum malware. As a method of testing the efficacy of the delivery methods, the updated version of Evilnum employs a diverse mix of ISO, Microsoft Word, and Shortcut (LNK) files. As per the latest analysis, the malware is under active development.
LockBit's similarities to BlackMatter come from overlaps in the privilege escalation and harvesting routines used to identify APIs for process termination as well as the use of anti-debugging and threading techniques designed to thwart analysis.
According to a post-mortem report published by Audius on Sunday, the hacker exploited a bug in the contract initialization code that allowed them to perform repeated invocations of the initialize functions.
The new campaign is utilizing the Robin Banks platform to target victims via SMS and email, with the goal of accessing credentials and financial information pertaining to Citibank, in addition to Microsoft account credentials.
The Quantum Computing Cybersecurity Preparedness Act addresses federal agencies’ preparedness for quantum computing and requires them to adopt proper defenses against quantum-computing-enabled data breaches.
An eerily realistic-seeming Google Search YouTube ad is redirecting visitors to tech support scams masquerading as security alerts from Windows Defender. In case a user is using a VPN connection, it is sent to the genuine YouTube site. Users are suggested to use a reliable anti-malware solution that blocks such malicious sites.
A threat group calling itself the Atlas Intelligence Group, or AIG, was spotted offering cybercriminals a broad range of services such as leaked databases and DDoS services, hacking scripts, and more. AIG’s approach and operational efficiency make them hard to detect and a constant source of threat to the world of cybersecurity.
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.
Ubuntu Security Notice 5532-1 - It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information.
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Garage Management System version 1.0 suffers from a remote shell upload vulnerability.
Expert X Jobs Portal and Resume Builder version 1.0 suffers from a remote SQL injection vulnerability.
PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges.
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is
An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a
FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program,
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This
An unauthorised party has seized control of the @avtestorg Twitter account, nuked its profile picture and banner, replaced its name and description with a full-stop, and set about retweeting numerous messages about NFTs. Anti-virus testing organisation AV-Test appears to have done nothing wrong, so how was its account hacked?
