In September 2022, Trellix published a report on a vulnerability in the tarfile module, which is part of the Python standard library and available to every Python developer. The vulnerability allows an arbitrary file to be written to an arbitrary folder on the hard drive, and in some cases it also allows for malicious code execution. What makes this study noteworthy is that the problem in tarfile was discovered in August 2007 – just over 15 years ago! But back then it wasn't considered dangerous. Let's find out why it wasn't, and what problems Python developers and their users could face as a result.

Tarfile in detail

Tarfile contains code for working with tar archives. This format is widely used in Unix-like operating systems, tracing its history all the way back to 1979. Tar is a simple way to pack a large number of files and folders. Initially it was used for writing backups to magnetic tape. Nowadays, tar archives can use file compression, although this is optional. The tarfile module is responsible for creating and unpacking such archives, and Python developers use it as a ready-made tool for such tasks.

The vulnerability in tarfile is quite simple. It was described exhaustively in the original bug report from August 2007. It's not even a vulnerability as such; it's just that tarfile recreates the exact folder structure contained in the archive when it's unpacked. This includes cases when the file name in the archive is something like ../../../../../etc/passwd. If you unpack such an archive as a system administrator, the passwd file is not written to the directory where the archive itself is located. When going through the ../ elements in the path, the unpacker first reaches the root directory, then overwrites the passwd file in the /etc directory. In Linux, this means erasing the regular file holding the data of all system users.

The danger here is that the user of a program that employs the tarfile module doesn't know how the normal unpacking of a regular archive ends. There may be nothing, or some files may appear in an unexpected place. Or some user files might get overwritten. The author of the bug report mentions this very problem in the tar archiver itself, which got fixed back in 2001 – more than 20 years ago. But in tarfile the vulnerability was never closed.
A 15-year wait

Following a discussion of the potential bug in 2007, it was decided to do nothing, for two reasons. First, such file processing is in full compliance with the Unix POSIX standard (we can confirm that). Second, there is no possibility of exploitation in practice. A warning in the user guide that it's not advised to unpack files from untrusted sources using tarfile was considered sufficient.

This assessment was proven false in 2022, when Trellix showed that exploitation in practice is more than possible. And not only for writing data wherever you like, but also for running arbitrary code. Recall that this is a library for programmers; that is, the possibility of an attack depends on the specific software in which the tarfile module is used. Trellix gave two examples.

[Figure: snippet of vulnerable code in Universal Radio Hacker.]

The first is Universal Radio Hacker, a program for analyzing unknown wireless protocols. The program saves data in the form of projects, which consist of multiple tar-packed files. The researchers demonstrated how an attempt to open a premade archive results in an executable file being written to the Windows autorun directory. So the next time the system is rebooted, this code is executed. This vulnerability can, among other things, be exploited on different platforms.

The second example shown in the video is slightly more complicated. The Spyder IDE development environment stores data in tar archives. When importing this data, the researchers first repeated the experiment with planting the file in the system, but then did something cooler: they programmed arbitrary code to run at the next startup of Spyder. The end result of this experiment was a request to execute arbitrary code, now with system administrator privileges.
Unpredictable consequences

This story of the 15-year bug illustrates once again that you should never underestimate vulnerabilities that allow writing data anywhere – even if it's done by the book and the exploitation paths aren't obvious. Tarfile is part of the standard Python library and can be found in almost any Linux-based system (among others). However, the danger is in the use of a specific vulnerable function. Generally speaking, any project developed in Python that employs the tarfile module is potentially vulnerable. From the end user's point of view, it's a tricky situation: they may be running a potentially vulnerable program and not even know that it uses tar.

Kaspersky experts recommend that you: limit the processing of files from untrusted sources; execute third-party programs with minimal privileges to minimize attack opportunities; and audit software used on the most critical systems to identify those that use the vulnerable function. For developers, this problem is a reason to audit their own code to find calls to the vulnerable function, and to amend it accordingly.
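As an added example (not code from the article, from Trellix, or from CPython), the following Python check reproduces the ../../../../../etc/passwd member described above in a constructed in-memory archive, flags every member that would land outside the extraction directory (including links whose target escapes it), and refuses the whole archive; it is the kind of pre-extraction audit the closing recommendation asks developers to add. The destination path and all helper names are assumptions.

```python
import io
import os
import tarfile
import tempfile


def is_within_directory(directory: str, target: str) -> bool:
    """True if target, after '..' normalisation, still lies under directory."""
    abs_directory = os.path.abspath(directory)
    return os.path.commonpath([abs_directory, os.path.abspath(target)]) == abs_directory


def unsafe_members(archive: tarfile.TarFile, dest: str) -> list[str]:
    """Names of members that would land outside dest: '..' or absolute names
    (the article's ../../../../../etc/passwd case), links whose target escapes
    dest, and special files (devices, FIFOs) that a project archive never needs."""
    bad = []
    for member in archive.getmembers():
        member_path = os.path.join(dest, member.name)
        if not is_within_directory(dest, member_path):
            bad.append(member.name)
        elif member.issym() or member.islnk():
            # Symlink targets resolve relative to the link's own directory,
            # hardlink targets relative to the archive root.
            base = os.path.dirname(member_path) if member.issym() else dest
            if not is_within_directory(dest, os.path.join(base, member.linkname)):
                bad.append(member.name)
        elif not (member.isfile() or member.isdir()):
            bad.append(member.name)
    return bad


def safe_extractall(archive: tarfile.TarFile, dest: str) -> None:
    """Refuse the whole archive if any member is unsafe, otherwise extract."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    archive.extractall(dest)


def build_sample_archive() -> bytes:
    """Constructed sample: one benign project file plus the traversal member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in (("project/notes.txt", b"hello\n"),
                           ("../../../../../etc/passwd", b"root:x:0:0::/root:/bin/sh\n")):
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_sample() -> list[str]:
    """Flagged member names for the constructed archive (destination is assumed)."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive())) as tf:
        return unsafe_members(tf, "/tmp/extract-here")


def sample_extraction_refused() -> bool:
    """True if safe_extractall rejects the sample and writes nothing at all."""
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=io.BytesIO(build_sample_archive())) as tf:
            try:
                safe_extractall(tf, dest)
            except ValueError:
                return os.listdir(dest) == []
    return False
```

On Python 3.12 and later (and the PEP 706 backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), `extractall(dest, filter="data")` makes the standard library enforce equivalent rules itself; the check above is for code that must also run on older interpreters.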
Episode 269 of the Transatlantic Cable kicks off with news that Interpol is after the CEO of the failed cryptocurrency firm Terra. Originally cited as a potential star in the crypto world, Terra fell in the recent crypto crash. After that, the team move on to a more disturbing story around NFTs and terror groups: it seems these groups are looking to leverage NFTs in order to raise funding. Moving away from the crypto/NFT space, the team look at a developing story around the recent Uber and Rockstar hacks, with news coming out of the UK that somebody has been arrested. Finally, to wrap up, the team look at a news story from down under and the telco giant Optus, which has recently been hacked and had its data breached. If you liked what you heard, please consider subscribing.

Interpol seeks arrest of failed crypto-firm boss
Terror groups may turn to NFTs to raise funds and spread messages
Likely Uber Hacking Suspect, 17, Arrested By City Of London Police
Australia phones cyber-attack exposes personal data
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft said Exchange Online has detections and mitigation in place to protect customers. Customers using on-premises Microsoft Exchange servers are urged to review the mitigations suggested in the security advisory, which Microsoft says should block the known attack patterns.

Vietnamese security firm GTSC on Thursday published a writeup on the two Exchange zero-day flaws, saying it first observed the attacks in early August being used to drop “webshells.” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. “We detected webshells, mostly obfuscated, being dropped to Exchange servers,” GTSC wrote. “Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based opensource cross-platform website administration tool that supports webshell management. We suspect that these come from a Chinese attack group because the webshell codepage is 936, which is a Microsoft character encoding for simplified Chinese.” GTSC’s advisory includes details about post-compromise activity and related malware, as well as steps it took to help customers respond to active compromises of their Exchange Server environment. But the company said it would withhold more technical details of the vulnerabilities for now.
In March 2021, hundreds of thousands of organizations worldwide had their email stolen and multiple backdoor webshells installed, all thanks to four zero-day vulnerabilities in Exchange Server. Granted, the zero-day flaws that powered that debacle were far more critical than the two detailed this week, and there are no signs yet that exploit code has been publicly released (that will likely change soon). But part of what made last year’s Exchange Server mass hack so pervasive was that vulnerable organizations had little or no advance notice on what to look for before their Exchange Server environments were completely owned by multiple attackers. Microsoft is quick to point out that these zero-day flaws require an attacker to have a valid username and password for an Exchange user, but this may not be such a tall order for the hackers behind these latest exploits against Exchange Server. Steven Adair is president of Volexity, the Virginia-based cybersecurity firm that was among the first to sound the alarm about the Exchange zero-days targeted in the 2021 mass hack. Adair said GTSC’s writeup includes an Internet address used by the attackers that Volexity has tied with high confidence to a China-based hacking group that has recently been observed phishing Exchange users for their credentials. In February 2022, Volexity warned that this same Chinese hacking group was behind the mass exploitation of a zero-day vulnerability in the Zimbra Collaboration Suite, which is a competitor to Microsoft Exchange that many enterprises use to manage email and other forms of messaging. If your organization runs Exchange Server, please consider reviewing the Microsoft mitigations and the GTSC post-mortem on their investigations.
Akamai researchers on Wednesday reported that based on a newly observed domain (NOD) dataset, they have flagged almost 79 million domains as malicious in the first half of 2022.
While the ransomware group was first observed in March, IceFire emerged on NCC Group's radar last month when attacks against English-speaking organizations soared to place it in the top list of reported threat actors.
The criminals behind DDoS attacks – who often lease out their services for others to use – continue to find new ways to make attacks more effective, according to Netscout, who estimate over 6 million DDoS attacks around the world during H1 2022.
An internet outage that affected Tucsonans over the weekend was due to a cyber attack, according to Cox Communications. Cox says the attack has been stopped and that no customer information was compromised.
A cyber espionage group is targeting the governments of several Middle Eastern nations and has previously attacked the stock exchange of an African country, using malware to steal troves of data.
Russia’s physical invasion of Ukraine has been accompanied by “probably the most sustained and intensive cyber campaign on record” according to one of the United Kingdom’s most senior cybersecurity officials.
A ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million. Royal is an operation that launched in January 2022.
“Companies need to look at data storage not as an asset, but as a liability or a potential liability,” the Attorney-General Mark Dreyfus said. “For too long we have had companies solely looking at data as an asset that they can use commercially.”
Securonix disclosed details about a new attack campaign aimed at multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The attack begins with a phishing email sent to employees. With mild confidence, researchers attributed the attack campaign to APT37, owing to similarities to its attack history.
A threat actor exploiting these flaws could break the confidentiality of Matrix communications and run man-in-the-middle attacks that expose message contents in a readable form.
A new report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence.
A phishing campaign impersonating a government organization in the U.S. and a trade union in New Zealand attempts to deliver Cobalt Strike beacons to infected endpoints. The campaign exploits CVE-2017-0199, an RCE bug, in a multistage and modular infection chain with fileless, malicious scripts. The payload identified is a leaked version of a Cobalt Strike beacon.
Cisco announced IOS and IOS XE software updates that address 12 security vulnerabilities. The bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September.
The insider went on to help researchers understand the inner workings of the group that became known as REvil, whose antics and crimes made headlines after attacking beef producer JBS.
The two proposals the European Commission adopted on September 28, 2022, will modernize the existing rules on the strict liability of manufacturers for defective products (from smart technology to pharmaceuticals).
The hackers, a sub-group of Lazarus called ZINC, are weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installers in a new wave of malware attacks.
The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and control automation for the SAP ecosystem.
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems.
Despite being founded less than a year ago, Ox has raised $34 million in seed funding and has 30 customers including FICO, Kaltura, and Marqeta. Its investors include Evolution Equity Partners, Team8, Rain Capital, and M12, Microsoft’s venture fund.
The threat, which was discovered and published on Twitter by Brett Callow from Emsisoft, effectively gives the Los Angeles school district less than four days to respond. Vice Society did not include any details about the data it plans to publish.
BlueSky is a ransomware first spotted in May 2022. The group behind the ransomware doesn’t adopt the double-extortion model, and its targets include ordinary home users, because the ransomware has been discovered inside cracks for programs and games.
The fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
The U.S. Department of Justice says in a press release that the defendant pled guilty yesterday to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.
Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.
Gentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.
Gentoo Linux Security Advisory 202209-22 - A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input. Versions less than 0.26.2 are affected.
Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.
Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.
Gentoo Linux Security Advisory 202209-25 - A vulnerability has been discovered in Zutty which could allow for arbitrary code execution. Versions less than 0.13 are affected.
Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.
Gentoo Linux Security Advisory 202209-19 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution. Versions less than 1.3.38 are affected.
Gentoo Linux Security Advisory 202209-18 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.
Gentoo Linux Security Advisory 202209-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. Versions less than 7.0.5 are affected.
Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6750-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-6755-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP15.
Red Hat Security Advisory 2022-6756-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP15.
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The
Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains
Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern Organisations Need EDR According to the 2020 global risk report by Ponemon Institute, smartphones,
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access
Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee's account was broken into and a customer list accessed.
Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog.