We're witnessing a new malicious mass-mailing campaign aimed at company employees using Agent Tesla spyware attachments. This time, when creating their e-mail messages, the attackers pay special attention to detail — so that their messages can really be mistaken for regular business e-mails with attached documents. Their final goal is to trick the recipient into opening the attached archive and then executing the malicious file.

Why is this malicious mailing special?

To start with, the cybercriminals use real companies as a cover: they supply their e-mails with real logos and legitimate-looking signatures. Their English is far from perfect, so they pretend to be residents of non-English-speaking countries (Bulgaria or Malaysia, for example), so as to raise less suspicion. The attackers send out their malicious archive on behalf of many companies, changing the text accordingly. Sometimes they ask company employees for prices for certain goods presumably listed in the attached archive, while other times they ask if a listed product is in stock. And we have probably not seen all versions of the text they use to lure their victims. The idea is to convince the recipient to check what kind of goods this pseudo-client is interested in. The cybercriminals have put a lot of effort into the preparation stage, which is not typical for such mass mailing campaigns. Previously we've seen such techniques used only in targeted attacks.

An example of a malicious letter with Agent Tesla in the attachment.

From the recipient's point of view, the only red flag they can spot with the naked eye is the sender's address. Its domain name rarely matches that of the company, while the sender's name differs from the name in the signature, which isn't typical for legitimate business addresses. In the example above, the mail is sent from the newsletter@ address, which may be OK for a marketing mailout, but absolutely not normal for a letter requesting prices for a quotation.

What is the Agent Tesla trojan?

Agent Tesla, identified by our solutions as Trojan-PSW.MSIL.Agensla, is fairly old malware, which steals confidential information and sends it to the attack operators. First of all, it hunts for credentials that are stored in different programs: browsers, e-mail clients, FTP/SCP clients, databases, remote administration tools, VPN applications, and several instant messengers. However, Agent Tesla is also capable of stealing clipboard data, recording keystrokes, and taking screenshots. Agent Tesla sends all collected information to the attackers via e-mail. However, some modifications of the malware are able to transfer data via the Telegram messenger too, or upload it to a website or FTP server. You can find additional detail about this malware and campaign, along with indicators of compromise, in this Securelist blog post.

How to stay safe

Ideally, such cyberthreats should be stopped at an early stage — when a malicious letter reaches a corporate mail server. While the naked eye can't always spot a threat at first glance, mail scanners are usually quite capable of such tasks. Therefore, it's a good idea to protect a mail server with an appropriate security solution. However, you should also think about raising the level of cybersecurity awareness among your employees; for example, by using online learning platforms. To make sure the malware sent by the attackers isn't executed no matter what, you could also consider providing your employees' computers with relevant protection.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.

On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.” Kloster’s blog even included a group photo of RSOCKS employees. “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities. “I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Kloster reportedly told the Bulgarian court this week. “I am not a criminal and I will prove it in an American court.”

Launched in 2013, RSOCKS was shut down in June 2022 as part of an international investigation into the cybercrime service. The Justice Department’s June 2022 statement about that takedown cited a search warrant from the U.S. Attorney’s Office for the Southern District of California, which also was named by Bulgarian news outlets this month as the source of Kloster’s arrest warrant. When asked about the existence of an arrest warrant or criminal charges against Kloster, a spokesperson for the Southern District said, “no comment.”

The employees who kept things running for RSOCKS, circa 2016. Notice that nobody seems to be wearing shoes.

24Chasa said the defendant’s surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother’s maiden name. As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. In several private exchanges on cybercrime forums, the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, the defendant in this case probably knows quite a bit about other top players in the botnet spam and malware community.

A Google-translated version of the Rusdot spam forum.

Despite maintaining his innocence, Kloster reportedly told the Bulgarian judge that he could be useful to American investigators. “America is looking for me because I have enormous information and they need it,” Kloster told the court, according to 24Chasa. “That’s why they want me.” The Bulgarian court agreed, and granted his extradition. Kloster’s fiancée also attended the extradition hearing, and reportedly wept in the hall outside the entire time. Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.
In an update yesterday, the social media company explained that the bug meant users who proactively changed their passwords on one device may have still been able to access open sessions on other screens.
Hackers are abusing Google’s Tag Manager (GTM) containers to install malicious e-skimmers that steal payment card data and personally identifiable information of shoppers on e-commerce sites, according to a new report from Recorded Future.
The malware, while relatively unsophisticated from a technical standpoint, comes with extensive capabilities to steal sensitive data from an infected device, send SMS messages on the victim's behalf, make phone calls, and track their locations.
The threat actor has now switched from the Babadeda crypter to a new staged downloader while using the same delivery infrastructure as before. The new downloader adds increased defense evasion abilities to this malware.
An angry developer leaked the builder for LockBit Black (version 3.0) on Twitter. The builder enables anyone to rapidly build the executables necessary for launching a ransomware operation. For staying protected, organizations are suggested to invest more in cybersecurity solutions.
Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web. No payment data was taken in the cyberattack, the flag carrier said in a statement.
In Firefox 105 a total of seven vulnerabilities were patched, three of which received the security risk rating "high". In Thunderbird, three security vulnerabilities were patched, one of them rated "high" risk.
The threat actor using Crytox ransomware has been active since at least 2020. Unlike most ransomware groups, the Crytox threat actor does not perform double extortion attacks where data is both encrypted and held for ransom.
Attackers view smaller firms as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises.
Between August 21 and 27, researchers at INKY detected Netflix being impersonated in a PII data harvesting campaign utilizing malicious HTML attachments compressed in zip files.
Many embedded devices utilize this library, but Talos specifically confirmed that the Anker Eufy Homebase 2, version 2.1.8.8h, is affected by this vulnerability. Anker confirmed that they’ve patched this issue. uClibc has not issued an official fix.
The CISA has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild that need to be patched immediately by FCEB agencies.
While investigating two cases lodged at a police station in Ghatkopar along the eastern suburbs, the Mumbai Police’s cyber sleuths traced the suspects online to a location that had not popped up on their radar before — Ernakulam in Kerala.
The joint advisory describes the five typical steps involved in planning and executing such an attack. The agencies believe that understanding threat actors’ TTPs can be useful for implementing protections and countering adversaries.
An audit of the National Institutes of Health grant program revealed a number of cybersecurity risks and a lack of adequate policies to ensure grantees were adhering to risk-based protocols.
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam.
The attacks are also a continuation of an ongoing campaign that has distributed similar rewards-themed apps for other Indian banks such as the State Bank of India (SBI) and Axis Bank in the past.
The committee is investigating the use by governments of Israel’s Pegasus spyware and other invasive surveillance tools, viewing such technology as a threat to democracy in the 27-nation bloc.
Since 2020 more than 190 apps infected with Harly have been found on Google Play. A conservative estimate of the number of downloads of these apps is 4.8 million, but the actual figure may be even higher.
Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021.
Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.
Evil-Colon operates similarly to the now-defunct Poison-NULL-Byte attacks. Though Poison-NULL-Byte attacks are now obsolete, they may have paved the path for new, similar attacks that could wreak havoc in your code if not dealt with properly.
The vulnerabilities were found in versions 22.05 and below. At the time of the writing of this advisory, discovered issues have been fixed and updates published by the vendor.
The latest preview of Windows 11 ships with the SMB server authentication rate limiter on by default, making it much more time-consuming for attackers to target the server with password-guessing attacks.
The group attacks with variants of two Windows malware platforms deployed directly into memory, with indications of an additional Linux implant, and is capable of adapting rapidly.
Ubuntu Security Notice 5629-1 - It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.
Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.
Ubuntu Security Notice 5632-1 - Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect URIs. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service.
Ubuntu Security Notice 5634-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 5633-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5630-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain
A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency
What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any
A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to
A self-proclaimed cryptocurrency millionaire has been charged with multiple felonies for his alleged role in a scam that purported to sell a high-powered cryptomining machine called the "Bitex Blockbuster" that did not actually exist. Read more in my article on the Hot for Security blog.
Between 5-7 October, I will be chairing the UK's National Information Security Conference (better known as NISC), at Carden Park in Cheshire. It's a great event - you should come along. Oh, and we'll do the podcast "live" there as well...
The boy, who has not been named, was arrested as part of an investigation by the National Crime Agency (NCA). He remains in police custody. Although at the time of writing no more details have been shared, there is speculation online that the arrest is in relation to the recent hacks of Uber and Rockstar Games.