How Does DNS Telemetry Help Detect and Stop Threats?
Administrators and security teams who have lost visibility into their own networks can use DNS telemetry to home in on anomalous traffic.
Retailers and hospitality companies expect to battle credential harvesting, phishing, bots, and various malware variants.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialized roles in service of ill-gotten gains.
Prolific online scammer and social media influencer 'Hushpuppi' sentenced for bank cyber heists, BEC campaigns, money laundering, and more.
The classroom-based curriculum addresses the cybersecurity workforce gap with free training labs and virtual cyberattack environments to hone the skills of the next generation of talent.
There's real value in having a better perspective around future regulation and compliance requirements.
Microsoft studied the cyber-threat landscape between July 2021 and June 2022 and found that the cyberattacks perpetrated by nation states targeting critical infrastructure jumped from 20% to 40%. The IT industry accounted for the most attacks (22%) by nation state actors, especially from Russia and Iran. This is followed by think tanks and NGOs (17%) and the education sector (14%).
James Zhong, 32, admitted committing wire fraud in September 2012 by creating nine Silk Road accounts he used to trigger "over 140 transactions in rapid succession in order to trick Silk Road's withdrawal-processing system," the DoJ said.
The cyber insurance market is beginning to stabilize following several years of steep rate increases, according to the State of the Market 2022 Update by insurance broker Risk Strategies.
A Georgia-based home healthcare and hospice provider will pay nearly $500,000 to the state of Massachusetts to end state litigation tied to a data breach affecting nearly 170,000 patients.
According to Sentinel Labs, the Black Basta ransomware operation has ties with FIN7. Researchers noted that a developer for FIN7 also authored the EDR evasion tools that Black Basta has been using exclusively since June 2022. In other evidence, both groups used similar IP addresses and specific TTPs, although with a gap of a few months.
Confidential computing aims to isolate sensitive data without exposing it to the rest of the system, where it would be more vulnerable to intruders. It does this by processing encrypted data in memory using hardware-based secure enclaves.
Trend Micro researchers observed five banking malware families involved in these attacks targeting bank customers in India, namely Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.
The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in Saudi Arabia and other countries in the GCC.
The authentication method is based on certificates rather than passwords. Microsoft, along with others including Apple and Google, is pushing for passwordless authentication – and aims to fend off phishing attacks designed to get around MFA.
The CCDCOE is recognized as an international military organization and cyber defence hub focusing on research, training and exercises, like its yearly red team versus blue team cyber war game, Locked Shields.
Scientists from Johns Hopkins University and NTT Research have laid the groundwork for how it might be possible to build one-time programs using a combination of the functionality of the chips found in mobile phones and cloud-based services.
Maple Leaf Foods said it has executed business continuity plans and that work is underway to restore the impacted systems. However, the company expects further operational and service disruptions, saying that restoration efforts take time.
Worldr has secured $11 million in a seed funding round led by Molten Ventures for its messaging data sovereignty software that integrates with Microsoft Teams, Slack, and WhatsApp.
Once installed, the app asks for several permissions, including camera, microphone, internet, and storage. “Access to any one of these can be dangerous and catastrophic for national security,” Cyfirma wrote.
Beosin, a leading blockchain security service provider, has recently closed a $20-million strategic financing round with participation from prominent industry investors and existing shareholders.
The dropper hides behind a fake utility application. Because of its relatively limited permissions and small footprint, it appears as a legitimate app and can elude Google Play security measures.
Most (57%) small and medium-sized businesses (SMBs) are worried about their cybersecurity budgets being reduced amid a surge in ransomware, according to a new report from OpenText Security Solutions.
The technology team cut off the district’s connection to the internet on Sunday in response to the attacks. Teachers and students were advised Monday that they could not use the internet for the next three days.
A critical security vulnerability arising from improper input validation has been addressed in XMLDOM, the JavaScript implementation of W3C DOM for Node.js, Rhino, and browsers.
Robin Banks, of late, has gone through a major transformation. The Phishing-as-a-Service (PhaaS) platform has introduced several new features, including a cookie-stealing capability. Additionally, hackers can now fully access their phishing kit at $1,500 per month. The latest developments suggest that it is here to stay, and its operators will likely keep it up to date to make it a more effective PhaaS platform.
Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.
The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure.
A prototype pollution bug in the JavaScript framework for building Node.js web applications could potentially allow attackers to stage cross-site scripting (XSS) attacks and steal user information.
A new malware campaign by Pakistan-linked Transparent Tribe was found targeting Indian government entities with trojanized strains of a 2FA solution, named Kavach. APT-36 has registered several domains spoofing Indian government organization sites to launch credential harvesting and phishing attacks.
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages.
The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.
Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-7648-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Red Hat Security Advisory 2022-7692-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it
Red Hat Security Advisory 2022-7645-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Red Hat Security Advisory 2022-7700-01 - The gdisk packages provide the gdisk partitioning utility for GUID Partition Table disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master Boot Record disks to the GPT format.
Red Hat Security Advisory 2022-7581-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Red Hat Security Advisory 2022-7618-01 - GStreamer is a streaming media framework based on graphs of filters that operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7793-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Issues addressed include a buffer over-read vulnerability.
Red Hat Security Advisory 2022-7813-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2022-7585-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-7464-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.
Red Hat Security Advisory 2022-7811-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2022-7720-01 - The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2022-7514-01 - FriBidi is a library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-7643-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2022-7458-01 - Flatpak-builder is a tool for building flatpaks from sources.
Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7622-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Red Hat Security Advisory 2022-7639-01 - OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Issues addressed include an out of bounds read vulnerability.
AppSec and Cybersecurity veteran will leverage his strong institutional experience as demand for crowdsourced cybersecurity solutions grows.
Call on security industry to collaborate on a standard framework to close the gap on the human element in cybersecurity.
The CIS Benchmarks are unique for many reasons. None compare to the community consensus process that forms their hardening guidance. Learn how to get involved.
The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a
Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value
The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%,
Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?