Open-source code is a blessing for the IT industry — it helps programmers save time and build products faster and more efficiently by eliminating the need of writing repetitive common code. To facilitate this knowledge sharing, there are repositories — open platforms where any developer can publish their own show more ...
The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt show more ...
Researchers discovered a zero-day vulnerability affecting older versions of PrestaShop websites. The bug can be exploited to harvest customers’ payment information. After the attack, the remote attackers erase their traces that stops the site owner from knowing that they were breached. Experts suggest disabling the MySQL Smarty cache storage features until a patch is issued.
Kaspersky observed a UEFI rootkit malware, dubbed CosmicStrand, on machines with ASUS and Gigabyte motherboards. CosmicStrand has a lengthy, intricate execution chain to infect Windows machines with a kernel-mode implant while remaining undetected and persist in a system as long as feasible.
When the Conti ransomware brand imploded earlier this year, the big question was who would seize its position and become the world's worst - or best, depending on perspective - criminal encryption gang. One clear winner has emerged: LockBit.
St. Luke’s said the breach happened in late May, and impacted customers billed in that same month. The vendor discovered the breach in June and informed St. Luke’s on July 6th.
It has distributed hacked and leaked data from more than 200 entities, including U.S. law enforcement agencies, fascist groups, shell companies, tax havens, and the far-right social media sites Gab and Parler.
The attack, said to be the work of the Hive ransomware group, also affected Kimberley college for 16-19-year-olds. Both Wooton Upper School and Kimberley college are part of the Wootton Academy Trust.
IBM’s Cost of a Data Breach report revealed that the total cost of a data breach is $4.35 million, a 13% increase since 2020. Stolen credentials are responsible for 19% of all breaches, followed by phishing at 16%. However, the share of organizations deploying zero-trust has grown from 35% in 2021 to 41% in 2022.
The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence.
There is a new warning about an alleged data breach affecting some City of Detroit retirees. Personal information, including Social Security Numbers, appears to have been exposed online.
A new report by GlobalData estimates that up to 22 million US health records have been breached so far in 2022. The healthcare industry is often a prime target of ransomware attacks as they store valuable and confidential data on their customers.
An Akamai customer in Eastern Europe was targeted 75 times in a month with multiple types of DDoS attacks, including UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood.
The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday.
The U.S. Justice Department is investigating a cyber breach involving the federal court records management system, the department's top national security attorney told lawmakers on Thursday.
The attackers receive compensation for the bandwidth by setting their email address for the user, while the victims might only notice some connectivity slowdowns and hiccups.
The US Cybersecurity and Infrastructure Security Agency (CISA) announced yesterday that it had signed a Memorandum of Cooperation (MoC) with the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP).
This malware uses the Contact Provider. The Contact Provider is the source of data you see in the device’s contacts application, and you can also access its data in your own application and transfer data between the device and online services.
It is incredibly clever since it matches the login page that the end-user is accustomed to seeing. It adds a Google reCAPTCHA form to boost legitimacy and get past automated scanners.
A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't - and it uses a countdown timer to pile on the pressure.
In a data breach notice on its website, OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.
The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file.
A pair of vulnerabilities in Google Cloud, DevSite, and Google Play could have allowed attackers to achieve cross-site scripting (XSS) attacks, opening the door to account hijacks.
Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021.
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras.
Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name" allowing an attacker with the "Administrator" role to specify a .php file as the log show more ...
Ubuntu Security Notice 5541-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Jann Horn discovered that the FUSE file system in show more ...
Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.
Ubuntu Security Notice 5540-1 - Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the USB gadget show more ...
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber".
Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and show more ...
Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.
Ubuntu Security Notice 5539-1 - It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service. Duoming Zhou show more ...
Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. show more ...
Ubuntu Security Notice 5536-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information, or execute arbitrary code.
Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.
Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
Ubuntu Security Notice 5537-2 - USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in Ubuntu 16.04 ESM.
rpc.py version 0.6.0 suffers from a remote code execution vulnerability.
Ubuntu Security Notice 5538-1 - It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" show more ...
Red Hat Security Advisory 2022-5754-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as show more ...
Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.
Ubuntu Security Notice 5537-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the show more ...
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does show more ...
Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.
WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain
Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity
A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been
An Irish court has jailed three romance scammers who tricked a 66-year-old woman out of her life savings, and even tricked her into visiting Dubai at her own expense. Read more in my article on the Hot for Security blog.
