Weve talked a lot lately about cryptocurrencies, as well as various scams and other crypto-targeting malicious activity. Our researchers recently checked out the situation with malicious miners — programs that secretly generate cryptocurrency for their owners using the resources of others folks computers. Although show more ...
Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian cybercrime show more ...
Part 2 in our series addressing the top 10 unanswered questions in security: How will TPGRM evolve?
Automating security for OT infrastructure can help organizations combat a rising volume of cyber threats in an era when security professionals are in short supply.
Testing is an ongoing mission, not a one-and-done fix.
YL Ventures CISO-in-Residence Frank Kim weighs in on the top security concerns facing CISOs in a Dark Reading Q&A interview.
The API-related vulnerabilities put conversations, email addresses, tickets, and more in danger of exposure via the Zendesk Explore reporting service.
A misleading location-tracking practice ensnared the search-engine giant in massive privacy case spanning 40 states.
An in-depth analysis of system-destroying malware families presented at Black Hat Middle East & Africa shows a growing nuance in terms of how they're deployed.
As the threat landscape increases, public cloud security needs to evolve.
Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests.
Lookout researchers discovered two surveillance campaigns targeting Uyghurs in China and abroad. The threat actors are using BadBazaar and MOONSHINE Android surveillance tools. An analysis of both campaigns suggested these are part of China’s long-running attacks against Uyghur population.
The European Union on Thursday unveiled new proposals to help its armies move faster in times of conflict and to boost cyber security, saying that Russia’s war on Ukraine is a wake-up call to bolster Europe’s defenses.
Online shoppers lost an average of £1000 (~$1183) each last year over the busy Christmas shopping period, according to new figures, prompting experts to urge greater caution over the coming three months.
Oregon Attorney General Ellen Rosenblum announced the historic settlement alongside 39 other AGs, after Rosenblum and Nebraska AG Doug Peterson led negotiations for what they said was the largest consumer privacy settlement ever led by AGs.
The group defrauded investors through a pseudo-investment scheme in cryptocurrencies and securities, the investigation began in 2020. The investors were tricked into initiating a series of fake investments.
Thales did confirm that a breach had occurred, just not of its own systems. Its security experts are aware of two likely sources of the theft. One of them has been confirmed to be the user account of a partner on a dedicated collaboration portal.
The Worok threat actor was found hiding information-stealing malware within PNG images to compromise targets’ devices without raising any suspicions. Actors use a new info-stealer, dubbed DropBoxControl for C2 communications and has already been used against organizations and government institutions in Mexico, Vietnam, and Cambodia.
The Ransomware Harms and the Victim Experience project, by the Royal United Service Institute and University of Kent, explores and draws attention to the psychological harms and other effects that ransomware can have on its victims and wider society.
Akamai uncovered an evasive malware, KmsdBot, being used to target companies ranging from gaming to luxury car brands to security firms. It uses the SSH cryptographic protocol to enter systems with the goal of mining and launching DDoS attacks. The malware is equipped to control the mining process and update the malware if required.
According to a detailed report by Cyjax, the threat actors are based out of China. They have been operating since 2017, spoofing over 400 renowned brands from the retail, banking, travel, pharmaceuticals, transport, financial, and energy sector.
Cyble researchers observed a rise in cybercrime against the nuclear industry worldwide with various actors demonstrating more and more sophistication every passing day. Although nuclear entities are supposed to be air-gapped, vulnerable IT/OT devices, misconfigured networks, and exposed assets are critical components during a cyberattack.
On Friday, a threat actor began selling the stolen data on a hacking forum, which allegedly contains promotion codes that can be used to access the service for free, as well as partial user identification and payment card data.
To indicate the size of the cyber risk to companies, there is, on average, a cyberattack every 39 seconds, which does not mean that every attack is successful, but that there is an attempt to access companies’ computer systems with that frequency.
Crypto miner/stealer for hire, Typhon Stealer, received a new update in the form of Typhon Reborn, disclosed Palo Alto Networks. The new variant boasts enhanced anti-analysis techniques and other stealing and file-grabber features. Researchers found that it leverages Telegram’s API and infrastructure to exfiltrate all stolen data.
Billbug (aka Lotus Blossom, Thrip) is a long-established advanced persistent threat (APT) group that is believed to have been active since at least 2009. The attackers use multiple dual-use tools in this attack campaign, as well as custom malware.
DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets.
The original version of Typhon Stealer was updated and released with the new name of “Typhon Reborn.” This new version has increased anti-analysis techniques and it was modified to improve the stealer and file grabber features.
Backstage, an open platform for building developer portals, is affected by a critical vulnerability whose exploitation could have a serious impact on a targeted enterprise, according to security firm Oxeye.
At least five complaints filed in the U.S. District for Southern New York allege that Somnia Inc. was negligent in failing to safeguard personally identifiable information and protected health information.
Attackers could steal password credentials from Mastodon users due to a security vulnerability in Glitch, a fork of Mastodon, Gareth Heyes of PortSwigger Research has warned.
The continuous attack surface management solution provider raised another $46 million in growth funding led by WestCap. In addition to WestCap, NextEquity Partners and Rockpool Capital joined the latest funding.
Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature enabled.
Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.
BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an html injection vulnerability.
Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities.
WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with the gateway, to evade show more ...
VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization show more ...
Apple Security Advisory 2022-11-09-2 - macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.
Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-7935-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Red Hat Security Advisory 2022-8400-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8208-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.
Red Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7979-01 - Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates.
Red Hat Security Advisory 2022-8418-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Red Hat Security Advisory 2022-7970-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.
Red Hat Security Advisory 2022-8340-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-7967-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-8385-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Red Hat Security Advisory 2022-8067-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-8011-01 - FriBidi is a library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-8100-01 - SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs.
Red Hat Security Advisory 2022-7978-01 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.
Red Hat Security Advisory 2022-8197-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.
Only 30% of respondents from other industries are as concerned about the risks associated with their IT staff.
API discovery and threat-monitoring solution tokenizes API data at its source for secure behavioral analytics, storage, compliance, and investigations.
Extends cyber asset attack surface management solution to multi-cloud environments,
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen
Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last
Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA
Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk
Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. Read more in my article on the Tripwire State of Security blog.
