In at least two of our previous posts, we touched upon the topic of side-channel attacks. These are attacks in which a certain confidential information (a password, encryption key, or just data that needs securing) is extracted in a certain non-trivial way. For example, instead of directly cracking an encryption show more ...
Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released show more ...
Suffolk County had to hand deliver voting databases with ballot results to the county election headquarters.
Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts.
IT practitioners are developing ransomware response plans, but many of them are not confident in their data resiliency tools.
A lack of precision in our terminology leads to misunderstandings and confusion about the activities we engage in, the information we share, and the expectations we hold.
Massachusetts Attorney General announced settlements across multiple states for damages from Experian's 2012 and 2015 breaches that violated consumer protection and notification laws.
The Swiss Army knife-like browser extension is heaven for attackers — and can be hell for enterprise users.
The stalling of federal legislation and the continued expansion of data brokers are fueling a phishing epidemic.
New approaches to identity access management are indispensable.
Cyble took the wraps off of a phishing campaign aimed at South Korean mobile users through a fake Google Play Store page to deliver Fakecalls Android malware. The malware is designed to steal sensitive details from victims’ Android devices, including contact details, call logs, SMS, and network operator and device location.
The U.S. Treasury Department reissued sanctions on the Tornado Cash cryptocurrency mixer service, accusing the platform of helping North Korean government hackers launder more than $455 million stolen in March 2022.
The Wordfence Threat Intelligence team disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites, that allow users to set up post sharing to various social networks.
The funding round for the Israel-based API security company was led by Koch Disruptive Technologies (KDT), with participation from Kmehin Ventures, Venture Israel, Techstars, and existing investors.
VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.
Cybersecurity researchers continue to discover new software supply chain attacks resulting from Python Package Index (PyPI). Some PyPI packages were injected with W4SP Stealer with the aim of infecting developers’ machines. All in all, these malicious packages were downloaded more than 5,700 times
A Nigerian influencer who attracted millions of followers on Instagram by showing off luxury cars and high-end clothing was sentenced on Monday to 11 years in prison for his role in business email compromise schemes and money laundering.
Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, along with two other flaws in Citrix ADC and Citrix Gateway.
Authorities in 40 US states have reached a settlement totaling more than $16 million with Experian and T-Mobile over data breaches suffered by the companies in 2012 and 2015.
Amadey, first discovered in 2018, is a "criminal-to-criminal (C2C) botnet infostealer project," as described by the BlackBerry Research and Intelligence Team, and is offered for purchase on the criminal underground for as much as $600.
Justice Blade threat actor released data from outsourcing IT vendor Smart Link BPO Solutions. The vendor works with relatively bigger organizations and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. It is said that cybercriminals may have stolen CRM records, personal information, contracts, account credentials, and email communications.
IT and business leaders appear to finally be waking up to the fact that cybersecurity needs to be built into every business decision, particularly now that much of their day-to-day work is being conducted off-premises by distributed teams.
Zimperium discovered a malicious browser extension, which not only steals the information available during the browser session but can also install malware on a user’s device and subsequently assume control of the entire device.
A recent data breach that hit eight Shangri-La hotels is unlikely to have a large impact on foreign government delegates who attended a high-level defence summit in Singapore, which was held at the hotel.
Hackers on Wednesday began leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister, after the firm refused to pay a ransom.
Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack against the water sector that could be orchestrated by enemy states like Iran.
A LockBit 3.0 ransomware operator has been observed dropping the Amadey Bot to take control of a device and encrypt devices via phishing emails. In October, the ASEC analysis team identified Amadey Bot masquerading as a popular Korean messenger program. In July, a new version of Amadey was found spreading via a SmokeLoader campaign.
Eleven of the 68 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.
German software maker SAP announced the release of nine new security notes on its November 2022 Security Patch Day, including two notes addressing critical bugs in BusinessObjects and SAPUI5.
IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts.
Intel has published 24 new advisories covering more than 50 vulnerabilities affecting the chip giant’s products. AMD has published four new advisories describing a total of 10 vulnerabilities.
The Department of Health and Human Services' Health Sector Cybersecurity Coordinating Center in a Thursday threat briefing says Tehran-backed hackers often rely on social engineering to penetrate targets that include hospitals.
The U.S. Department of Defense’s zero-trust strategy will be published in the coming days, giving the public a fresh look at its plan to achieve a new level of cybersecurity.
Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue show more ...
Ubuntu Security Notice 5720-1 - It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data.
WordPress Blog2Social versions 6.9.11 and below suffer from a missing authorization vulnerability.
Red Hat Security Advisory 2022-7885-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7887-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered show more ...
Debian Linux Security Advisory 5274-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
Debian Linux Security Advisory 5273-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
Ubuntu Security Notice 5718-1 - Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged show more ...
Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.
Red Hat Security Advisory 2022-7896-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that show more ...
An annual HIPAA security risk assessment is required to meet HIPAA requirements.
Teleport releases its second annual State of Infrastructure Access and Security report.
The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.
A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject
There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: Reputational damage Customer attrition
An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said
A ransomware gang has begun to publish data on the dark web stolen from Australia's largest health insurer Medibank. Curiously, the hackers have released details of insured customers, sorted into two files bearing the label "naughty-list" and "good-list." Read more in my article on the Hot for Security blog.
