Kaspersky experts have uncovered ongoing exploitation of the recently discovered CVE-2022-41352 vulnerability in Zimbra Collaboration software by unknown APT groups. At least one of those groups is attacking vulnerable servers in Central Asia.

What is CVE-2022-41352 and why is it so dangerous?

This vulnerability was found in the archive unpacking utility named cpio, which is used by the Amavis content filter, which in turn is part of the Zimbra Collaboration suite. Attackers can craft a malicious .tar archive with a web-shell inside and send it to a server running vulnerable Zimbra Collaboration software. When the Amavis filter starts to check this archive, it calls the cpio utility, which unpacks the web-shell into one of the public directories. Then the criminals only have to run their web-shell and start executing arbitrary commands on the attacked server. In other words, this vulnerability is akin to the one in the tarfile module.

A more detailed technical description of the vulnerability can be found in the blog post on Securelist. Among other things, the blog post lists the directories where the attackers have placed their web-shell in the attacks investigated by our experts.

There is no patch for this vulnerability yet. What is especially dangerous about it is that the exploit for this vulnerability was added to the Metasploit Framework, a platform that theoretically serves for security research and pentesting, but in fact is often used by cybercriminals for real attacks. Thus, the exploit for CVE-2022-41352 can now be used even by novice cybercriminals.

How to stay safe

Although there's no patched version of cpio yet, the attack can be prevented by installing the pax utility on a vulnerable server. In this case Amavis will use pax to unpack .tar archives instead of cpio. However, don't forget that this is not a real solution to the problem: in theory, attackers can come up with another way to exploit cpio.

If you suspect you're being attacked through this vulnerability, or if you find a web-shell in one of the directories listed on Securelist, our experts recommend contacting incident response specialists. It could be that the attackers have already gained access to other service accounts or even installed backdoors. This will give them the opportunity to regain access to the attacked system even if the web-shell is removed. Kaspersky security solutions successfully detect and block attempts to exploit the CVE-2022-41352 vulnerability.
Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host.
The POLONIUM espionage group was found using four new never-before-seen backdoors that abused cloud services, including Dropbox, OneDrive, and Mega. Researchers suspect that attackers obtained the initial access to the target networks by exploiting the VPN account credentials of Fortinet.
Israel offered cyber defense assistance to Albania on Monday, days after the Balkan state severed its diplomatic ties with Iran, citing accusations that the Islamic Republic carried out cyberattacks against the country in July.
Industrial giants Siemens and Schneider Electric have released a total of 19 security advisories for the October 2022 Patch Tuesday. The advisories cover 36 vulnerabilities affecting their ICS products.
Threat actors have developed a backdoored version of the legitimate network scanning tool Advanced IP Scanner, named AdvancedIPSpyware. The tool has already infected more than 80 organizations across the world in Latin America, Western Europe, South Asia, Africa, and the Commonwealth of Independent States (CIS).
Between September 28 and October 7, Kaspersky observed close to 1,800 users being infected with QBot worldwide. More than half of the new victims are corporate users, Kaspersky researcher Victoria Vlasova told SecurityWeek.
Despite the growing concern about cyberattacks, organizations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data, and employees against unwavering cyberattacks.
Keeping private packages private is crucial for organizations using them. Otherwise, attackers can create clones or typosquatted packages that hackers could trick employees of organizations into downloading and using in software projects.
At question here is not the efficacy and transformation of cybersecurity practices, but the scale at which cyber threats have evolved into more malicious entities, albeit driven by different motivations.
On the performance goals, CISA told Nextgov the agency’s plan for keeping stakeholders engaged in a process of constantly cultivating the goals as a standard to meet is to ask for their trust.
In a Twitter thread, security researcher Greg Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network.
Organizations have scaled down workforces in favor of automation, moved their servers and networks off-premises, and transferred their data to the cloud, but mostly kept to their old ways when thinking about cybersecurity.
As the toolset itself appears to be shared among several actors, it is unclear whether this is a new iteration of operation “Shadow Force” or simply a different actor utilizing similar TTPs.
FormBook is the most prevalent malware in the wild worldwide, and Vidar, an infostealer, has entered the top 10 list in eighth place for the first time following a fake Zoom campaign.
Mango Markets took to Twitter Tuesday evening to tell users that it was investigating an incident “where a hacker was able to drain funds from Mango via… price manipulation.”
"Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks."
Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely.
A U.S. transportation security agency said Wednesday it plans to issue new cybersecurity requirements for some key aviation systems after several U.S. airport websites earlier this week were hit with apparently coordinated denial-of-service attacks.
Kaspersky researchers found the modified build of the unofficial app, YoWhatsApp version 2.22.11.75, containing a malicious module that deployed Triada, a modular Android banking trojan.
The solution is to embrace MFA more broadly, moving to three-factor authentication (3FA) by adding an additional factor, but this time one that cannot be used by the attacker to authenticate from a foreign device.
The company said it took "immediate steps to contain the incident, and engaged specialized cybersecurity firms", adding that there was no evidence that any sensitive data, including customer data, had been accessed at this stage.
Budworm’s main payload continues to be the HyperBro malware family, which is often loaded using a technique known as DLL side-loading. This involves the attackers placing a malicious DLL in a directory where a legitimate DLL is expected to be found.
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Last week, Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing.
Red Hat Security Advisory 2022-6941-01 - This release of Red Hat build of Quarkus 2.7.6.SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5673-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.
Red Hat Security Advisory 2022-6916-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an HTML injection vulnerability.
Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account."
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them,"
What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security. It operates on the core principle that all of its materials are
An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other "strategically significant" intrusions mounted over the past six
A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit scams. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Boffins at the University of Glasgow, in Scotland, have developed a system which they claim demonstrates a new type of cybersecurity threat: a "thermal attack." According to the researchers, the falling price of heat-detecting thermal imaging cameras and advances in machine learning have made it more feasible to guess what passwords a target may have entered on a keyboard, up to a minute after typing them. Read more in my article on the Hot for Security blog.