Starting July 20, all developers who publish Android apps in the Google Play store must detail what data they collect and how they use it. However, this undeniably positive innovation has been rather overshadowed by the forces of optimization: now, before installing an app, you have no way of knowing what data sources show more ...
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in show more ...
Kaspersky linked an attack campaign deploying the new PortDoor malware, backdooring the defense industry in Eastern Europe, to Chinese APT TA428. The cyberespionage operation has been targeting design bureaus, research institutes, industrial plants, government agencies, and ministries across Belarus, Russia, Ukraine, and Afghanistan.
Payment cards from most major banks and ewallet services in the country are accepted by the gateway, making the incident especially concerning. While it is unclear when the incident occurred, iPay88 said that the leak was detected on May 31.
On July 26, 2022, the Acting New Jersey Attorney General announced that the state is co-leading an $8 million multistate settlement with Wawa, Inc. (Wawa) that resolves a data breach that occurred from April 18, 2019, to December 12, 2019.
Similar to previous routines, this new component is spread via fake crack (also known as warez) websites. The component is usually distributed in one dropper together with a browser stealer and bundled with other unrelated pieces of malware.
Not surprisingly, slick, experienced threat actors are shifting their focus more and more to using so-called “shortcut” or LNK files to deliver their malware more quickly, the HP Wolf Security Threat Insights Report noted.
Bitter APT is spreading Dracarys Android spyware via a trojanized version of Signal, an encrypted messaging app, to harvest sensitive data from users across the globe. The cyberespionage campaigns are conducted against users in New Zealand, the U.K, India, and Pakistan.
A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. The man faces from 10 up to 20 years in prison when he’s sentenced.
A cyberattack on a major IT provider of the NHS has been confirmed as a ransomware attack. Advanced, which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to fully recover.
For initial infection, the DoNot Team uses spear phishing emails containing malicious attachments. To load the next stage they leverage Microsoft Office macros and RTF files exploiting Equation Editor vulnerability and remote template injection.
Researchers at Resecurity have observed hackers using open redirect vulnerabilities in online service domains and apps, such as Snapchat, to bait unsuspecting users. The use of this tactic allows hackers to deliver phishing content while dodging spam filters. The specially crafted URLs lead users to malicious resources with a phishing kit called LogoKit.
Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment (TEE) that is responsible for signing transactions.
OT and IoT cybersecurity company SCADAfence has discovered potentially serious vulnerabilities in a widely used building management system made by Alerton, a brand of industrial giant Honeywell.
The funding was led by Amiti, with participation from GFC, Amdocs Ventures, and industry leaders such as CyberArk CEO Udi Mokady and Demisto CEO and co-founder Slavik Markovich.
"KrbRelay" is a tool for forced authentication issue in Windows that can be used by a low-privileged domain user to take over a Windows computer, potentially becoming a local or domain admin within minutes.
Zeppelin is a derivative of the Delphi-based Vega malware family and functions as a RaaS. Zeppelin actors have been known to request ransom payments in Bitcoin, with initial amounts ranging from several thousand dollars to over a million dollars.
CISA orders federal government agencies to fix the two security issues in Zimbra by August 25, 2022. The vendor has already released security updates to address both vulnerabilities.
The healthcare industry has dealt with lots of heavy attacks originating from both attempts to exploit vulnerabilities, as well as spear phishing. Quickly patching vulnerabilities must be made a high priority.
The Department of Veterans Affairs Inspector General's office said the agency is "leaving its systems vulnerable to compromise by impostors who may gain access to protected information."
According to the researchers from Securelist, DeathStalker has been updating the features of VileRAT through 2021, with the latest update observed in June 2022.
The CISA on Wednesday released an election security toolkit to help state and local election officials access a variety of free tools and resources to safeguard their voting systems ahead of the upcoming midterm elections.
According to Daniel Nemiroff, senior principal engineer at Intel, fault injection attacks allow attackers to execute malicious instructions and potentially leak data through clock pin, electromagnetic, and voltage glitches.
This new technique causes a desync between the front-end and the browser, allowing an attacker to “craft high-severity exploits without relying on malformed requests that browsers will never send”, James Kettle noted.
The security hole, tracked as CVE-2022-27255 and rated ‘high severity’, has been described as a stack-based buffer overflow that can allow a remote attacker to cause a crash or achieve arbitrary code execution on devices that use the SDK.
The reward offer, first reported by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other associates are "Tramp," "Dandis," "Professor," and "Reshaev."
Morphisec Labs researchers have reported that the group has added new modules to its Windows spyware framework aka YTY, Jaca. These latest samples appear to be used in the wild.
Launched in April 2020, the security testing tool simulates OWASP and API exploits to test the detection capabilities of web application firewalls (WAFs), NGWAFs, RASPs, WAAPs, and, now, API security tools.
Research by CyCognito highlights business continuity risks such as digital asset sprawl, subsidiary risk, and the importance of reducing the time it takes to identify a vulnerable Log4j asset and patch it.
The U.S. Federal Trade Commission today initiated a potentially yearslong attempt to impose new data security and privacy regulations onto the American economy. Agency commissioners voted along party lines to initiate the rule-making process.
Three Nigerian nationals accused of participating in multimillion-dollar business email compromise fraud with a fixation on universities arrived in the United States after extradition from the United Kingdom.
Meta recently took down two cyberespionage campaigns across its social media platforms. These campaigns were being operated by Bitter APT and Transparent Tribe threat groups.
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. show more ...
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities.
Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive.
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2)
The U.S. State Department on Thursday announced a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer, first reported by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as show more ...
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader
Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Read more in my article on the Tripwire State of Security blog.
Scammers are stealing money from children, with the alluring but bogus promise that China's tough restrictions on online gaming can be subverted. Read more in my article on the Hot for Security blog.
