Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Episode 266 of the Transatlantic Cable kicks off with news that TikTok has had a data breach. However, all is not as it appears: after digging into the details, the breach may not be as clear-cut as it first seems. Following that, the team look at a story concerning Samsung and a confirmed data breach – Samsung is asking affected people to secure their accounts and reset passwords. From there, the discussion moves to a story around Instagram, having just been on the receiving end of a whopping €405 million fine due to the exposure of children's data online. To wrap up, the team look at a story from the Guardian investigating doom scrolling, which is defined as the tendency to be glued to bad news [which] can spark a vicious cycle that interferes with our lives. If you liked what you heard, please do consider subscribing.

TikTok denies reports that it's been hacked
Samsung says a data breach revealed some customers' names, birthdays
Instagram fined €405m over children's data privacy
Doomscrolling linked to poor physical and mental health, study finds

 Malware and Vulnerabilities

Malware infiltrating Android devices to steal bank login details is nothing new, but the threat is only growing more intense with the detection of a new variant of SharkBot and the introduction of a new trojan, dubbed Zanubis. To keep malware infections at bay, users must be mindful before giving unnecessary permissions to apps.

 Malware and Vulnerabilities

Uptycs researchers found ELF ransomware that encrypts files on Linux systems according to the folder path provided to it. Based on the Onion link in the binary, it is believed to be still under development.

 Malware and Vulnerabilities

The CodeRAT author leaked the source code of the malware on GitHub after being confronted by security researchers. It was being used to target Farsi-speaking code developers via a Word document hosting a Dynamic Data Exchange (DDE) exploit. CodeRAT supports 50 commands such as taking screenshots, copying the clipboard, listing running processes, terminating processes, checking GPU usage, downloading, uploading, and deleting files.

 Malware and Vulnerabilities

The LockBit ransomware group has enhanced its technical capabilities and infrastructure by adding protection from DDoS attacks and adopting triple extortion tactics. Further, the operators announced an increase in duplicate servers and mirrors and an increase in the availability of stolen data by using Clearnet via a bulletproof storage service.

 Malware and Vulnerabilities

Cisco Talos has reported on cybercriminals dropping ModernLoader RAT and RedLine Stealer in three different campaigns. In one of the campaigns earlier this year, the XMRig cryptomining malware was also observed being delivered. Attackers compromise vulnerable web apps to host their malware, which is delivered via files masquerading as Amazon gift cards.

 Malware and Vulnerabilities

First discovered in June 2021, the Redeemer ransomware has since been released in four different versions - 1.0, 1.5, 1.7, and 2.0. All the versions, written in C++, bring major changes in the way they encrypt files.

 Security Products & Services

Curated and reviewed by the Go security team, based on CVEs, GitHub Security Advisories, and reports from maintainers, the new vuln.go.dev website hosts a list of known vulnerabilities in packages that can be imported from public Go modules.

 Companies to Watch

The company is currently in stealth mode and has yet to be officially launched. Some of the most prominent venture capital firms took part in the seed round, including Greylock, Cyberstarts, Leaders VC, and other private investors.

 Security Products & Services

The newly introduced Zoom Customer Managed Key lets customers implement encryption technology of their choice to encrypt voicemails, cloud recordings, and calendar access, among others.

 Expert Blogs and Opinion

Between July 25 and 29, UN member states gathered in New York for the third substantive session of the Open-Ended Working Group on the security in and of information and communications technologies (OEWG).

 Expert Blogs and Opinion

A layered defense is important to make it difficult to carry out a successful attack, but by adopting a recovery-first strategy you also limit the damage of an attack so perpetrators look elsewhere for a more profitable, easier-to-take-down quarry.

 Expert Blogs and Opinion

While solutions exist for prevention, most solutions focus on one or a few types of fraud. Fraud happens at such an unprecedented scale that utilizing law enforcement to disrupt bad actors is a hard value proposition.

 Malware and Vulnerabilities

This zero-day bug is caused by a faulty password validation algorithm that attackers could exploit to log into the VPN on vulnerable devices using what the company describes as "crafted credentials" if the IPSec VPN Server feature is enabled.

 Expert Blogs and Opinion

Malicious redirects are the most common example of .ico malware seen by Sucuri researchers but attackers leverage this file type for other purposes as well, including concealing credit card skimmers.

 Companies to Watch

The cloud-native data security company plans to use the new funding to expand its engineering, sales, and marketing operations, to accelerate its roadmap and support for large enterprises.

 Feed

This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs parameter by using a raw Linux command. It is triggered by a non-default setting called spark.acls.enable: this setting must be set to true in the Spark configuration for the application to be vulnerable to this attack. Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1 are affected by this vulnerability.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

 Feed

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

 Feed

Red Hat Security Advisory 2022-6393-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-6382-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2022-6384-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-6385-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-6383-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-6386-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

 Feed

Ubuntu Security Notice 4976-2 - USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.

 Feed

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and

 Feed

Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (

 Feed

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point 

 Feed

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. “The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary’s nation-state,” Cisco Talos said in a report shared

 Feed

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is

 Feed

A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops researchers analyzed a list of a billion passwords

 Feed

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in

 Law & order

Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

2022-09
Aggregator history
Thursday, September 08