Cryptocurrency is an ideal target for cybercriminals: there are many ways to steal it, and its very difficult for the victims to ever recover it. And some hackers make an absolute killing from it — getting tens, or sometimes hundreds of millions of dollars from a cryptoexchange attack. This post looks at the Top-5 show more ...
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.
Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise.
From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws.
A more secure organization starts with stronger alignment between HR and the IT operation.
A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization skates past DMARC and other email protections.
Several critical and high-severity vulnerabilities have been discovered affecting the Veeam Backup & Replication application that could be exploited by advertising fully weaponized tools for remote code execution (RCE).
The FTC voted 4-0 to accept a consent agreement with alcohol delivery app Drizly to settle a complaint alleging that the company ignored known security problems, resulting in a 2020 breach of 2.5 million consumers’ personal data.
According to Adobe, Illustrator 2021 and 2022 for Windows and macOS are affected by improper input validation and out-of-bounds read vulnerabilities that could lead to malicious code execution.
Founded in 2011, the Ottawa, Canada-based Corsa Security provides network security virtualization for large enterprises, service providers, and managed security service providers (MSSPs).
Crooks most frequently used the brand name in their attempts to steal personal and payment information from marks between July and September, with DHL accounting for 22% of all worldwide phishing attempts intercepted by Check Point.
The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain.
A new strain of the FurBall Android spyware was found targeting Iranian citizens in mobile surveillance campaigns conducted by APT-C-50, aka Domestic Kitten, an Iranian state-sponsored gang. The newest malware version comes with code obfuscation tactics, including using obfuscated class names, strings, logs, and show more ...
The UK Cyber Security Council has announced a pilot program designed to create the country’s first chartered cyber professionals. It has partnered with (ISC)2 and the Chartered Institute of Information Security (CIISec) – for the pilot program.
Australian health insurance giant Medibank has revealed the hack of customer records has affected more customers than first thought, with the CEO saying the company is acting on the assumption all customers are affected.
Following patient privacy violations at Advocate Aurora Health, Senator Mark Warner, D-Va., sent a letter to Meta CEO Mark Zuckerberg seeking information into the company’s practice of collecting consumer health information through its tracking tool.
The vulnerabilities discovered could lead to a variety of conditions, including providing attackers the ability to change users’ login passwords, inject code onto the device, manipulate device configurations, and cause the system to shut down.
The findings from research by Northwave reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn into disarray long after the crisis itself has passed.
Researchers at cybersecurity firm Trend Micro have shown that the computer numerical control (CNC) machines present in many modern manufacturing facilities are vulnerable to hacker attacks.
Ursnif has joined the likes of Emotet, Qakbot, and TrickBot by turning itself into a capable backdoor that drops next-stage payloads. The new variant, dubbed LDR4, has now been observed using recruitment and invoice-related email lures—as an initial intrusion vector—to download a maldoc, which fetches and launches the malware.
The minister claims its country is going slow in adopting necessary measures to protect organizations and critical infrastructure operators in the energy sector from cyberattacks.
The Cisco product vulnerabilities both impact the AnyConnect Secure Mobility Client for Windows. They can be exploited by a local, authenticated attacker to execute arbitrary code and copy files to arbitrary locations with elevated privileges.
The Australian Institute of Company Directors (AIDC) had some solid names lending support to the launch of the institute’s new set of “cybersecurity governance principles” but the event did not start on time due to the hacking incident.
Vulnerabilities addressed recently in Jira Align could allow an attacker to elevate privileges, obtain Atlassian cloud credentials, and potentially go after Atlassian infrastructure, researchers with Bishop Fox warn.
A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware.
Apple on Monday shipped a major iOS update with fixes for at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild.
The researchers associated the use of the RomCom backdoor with threat actor Tropical Scorpius (aka UNC2596), tracked by CERT-UA as UAC-0132, which is responsible for the distribution of the Cuba Ransomware.
The US federal government is considering several proposals to regulate medical device cybersecurity compliance to counteract the frequent and clinically impactful cyberattacks experienced by healthcare systems across the country.
Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).
The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme.
The MajikPOS and Treasure Hunter malware infect Windows POS terminals and scan the devices to exploit the moments when card data is read and stored in plain text in memory.
In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, with the first archive having the purpose to launch the second.
Trustwave SpiderLabs noted a spike in malspam campaigns by the Emotet botnet. In this attack wave, attackers are reportedly using invoice-themes phishing lures with password-protected archive files. These files drop CoinMiner and Quasar RAT to take over compromised systems.
This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.
ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability. Versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210) are potentially affected.
Red Hat Security Advisory 2022-7087-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
Red Hat Security Advisory 2022-7108-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and show more ...
Red Hat Security Advisory 2022-7111-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2022-7137-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7110-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, information leakage, memory leak, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-7146-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7089-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-7090-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Ubuntu Security Notice 5227-3 - USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted show more ...
Ubuntu Security Notice 5696-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Red Hat Security Advisory 2022-7086-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.
Red Hat Security Advisory 2022-7088-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.
New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.
The Marsh McLennan Cyber Risk Analytics Center conducted independent analysis of BitSight's Security Rating and risk vectors and cybersecurity incident data.
Identity fraud has increased at 84% of dealerships, with 60% losing three or more vehicles in the last year.
Free service provides insights developers need to systematically identify and reduce container vulnerabilities.
Platform delivers unmatched performance, broad analysis capabilities, and governance across any data, geo, or cloud.
Trend Micro research finds most are over-confident about ability to withstand ransomware.
Driving better security outcomes for customers through partner-delivered incident response services built on Cortex XDR.
Open source tools by Spyderbat address the needs of Platform Engineering and DevOps teams by delivering new insights to workload activities and behaviors.
Upgrade boosts Akamai's dedicated mitigation capacity by 100% and enhances attack fighting capabilities for increasingly sophisticated DDoS threats.
New release extends best-in-class coverage of identity vulnerability discovery and remediation.
Passkeys are designed to replace passwords and allow seamless logins for consumers across devices and platforms.
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows "any domain user to remotely
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21
The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises
Shouldn't affected users have been told sooner?
It was all going so well. At first. Read more in my article on the Hot for Security blog.
