Episode 276 of the Transatlantic Cable kicks off with the US Department of Justice that revealed it seized $3.36bn (£2.9bn) of Bitcoin last year which was stolen from an infamous darknet website. Then, How Twitter users are using the platforms new Elon Musk era changes to impersonate official video game companies. show more ...
As our recent expert study shows, despite both the drop in price of many cryptocurrencies and the decision of one of the biggest cryptocoins — Ethereum — to move away from mining, malicious miners continue to threaten business. Companies that use cloud infrastructure are particularly at risk. We explore the show more ...
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. show more ...
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organizations should read their cyber insurance policies carefully to see what is still covered.
With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.
A secure-by-design culture is needed to develop a comprehensive offboarding and identity management strategy that limits potential for broader compromise in case of unauthorized access.
Although the group relies on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure victims.
Languages such as C and C++ rely too heavily on the programmer not making simple memory-related security errors.
PAN plans to add Cider's CI/CD security platform to its Prisma Cloud suite of AppSec tools.
How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?
According to Sansec researchers, there is a massive surge in the TrojanOrders attacks ahead of the holiday season and approximately 38% of Magento 2 and Adobe Commerce websites are being targeted by the attacks.
A group of researchers has found that the growing network of EV charging systems is poorly secured and could one day be used to destabilize entire electrical grids. And it contains enough security issues to be problematic even today.
Rapperbot has added the feature to perform Telnet brute force, which is designed primarily for self-propagation. It supports DoS attacks using the Generic Routing Encapsulation (GRE) tunneling protocol.
"The ability to target a specific level of compliance within the framework means teams can make intentional and incremental progress toward reducing their supply chain risk,” Microsoft explains.
The public schools in Jackson and Hillsdale counties, Michigan, started experiencing a systems outage affecting critical operating systems on Monday, the outage occurred because they were victims of a ransomware attack detected over the weekend.
McDonald’s is set to launch its first registered cybersecurity apprenticeship program in the U.S., part of the government’s 120-day Cybersecurity Apprenticeship Sprint. The program aims to bring talent from Chicago City Colleges to its headquarters.
The team at Unit 221B, which identified the weaknesses in the encryption routine of Zeppelin ransomware was wary of advertising its ability to crack the ransomware keys because it didn’t want to tip its hand to Zeppelin’s creators.
The ongoing danger and threat of a ransomware attack looms large among security pros as the threat landscape increases daily. And many believe the worst is yet to come, according to a survey by CRA Business Intelligence.
New research by Cybersixgill reveals that nearly all the ingredients required to build fake Twitter accounts have been easily available on the dark web "for quite some time."
In all, the initiative, which spun out of a cyber workforce and education summit, saw more than 7,000 apprentices get hired, according to a White House fact sheet. Of those, more than 1,000 were from the private sector.
The notorious Hive ransomware follows the ransomware-as-a-service model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks.
Leading cybersecurity and sector risk management officials should consider establishing space and bioeconomy as two new sectors of critical infrastructure, the CISA wrote in a report to President Joe Biden and relevant congressional committees.
Threat actors behind the new ransomware family attacked a government agency in Chile last August, targeting both Linux and Windows systems and appending the “.crypt” extension on encrypted files.
CIOs need to ask their management leads or teams how private keys are protected and what exposure gap they might face during processing. The same is true for executing data and code that is otherwise encrypted at rest and in motion.
BlackBerry researchers discovered that the attackers used two AnonFiles URLs as remote resources for fetching a password-protected zip archive containing an executable dropper file.
The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com — which was created to phish U.S. Bank customers.
The lawsuit named Russian nationals Dmitry Starovikov and Alexander Filippov, who allegedly helped lead the criminal enterprise, as well as 15 Does who had some role in operating the Glupteba botnet.
In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping. Globally, transportation was the second most active sector after telecom. APTs were also detected in transportation more than in other sectors.
A critical vulnerability affecting Omron products has been exploited by a sophisticated piece of malware designed to target industrial control systems (ICS), but it has not received the attention it deserves.
Australia Cyber Security Minister Clare O'Neil announced the formation of the Joint Standing Operation task force, which brings together experts from the Australian Federal Police and the Australian Signals Directorate.
Atlassian has released updates to address critical-severity updates in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management.
The attackers are using polymorphism to vary the payload, steganography to hide code inside packages, reboot persistence, and building a fake GitHub reputation via starjacking technique.
According to Akamai, whose security researchers discovered the campaign, one of the most interesting features of the kit is a token-based system that ensures each victim is redirected to a unique phishing page URL.
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.
It's difficult to know the precise extent to which cybercriminals make use of weekends and holidays to launch their attack campaigns; but it is generally accepted that they do.
Tracked as CVE-2022-42898 and impacting multiple Samba releases, the security defect exists in the Service for User to Proxy (S4U2proxy) handler, which provides “a service that obtains a service ticket to another service on behalf of a user.”
While attacks on RDP ports grew during the COVID-19 pandemic as a result of the rise of remote work, the port has continued to be a popular attack method for criminals despite many workers returning to the office.
Earth Preta abused fake Google accounts to distribute malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links.
Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-7865-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.41. Issues addressed include a man-in-the-middle vulnerability.
Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.
Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Ubuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.
Debian Linux Security Advisory 5284-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Red Hat Security Advisory 2022-8524-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.0 replaces Data Grid 8.3.1 and show more ...
Red Hat Security Advisory 2022-8532-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a HTTP request smuggling vulnerability.
Ubuntu Security Notice 5638-2 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that show more ...
PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. show more ...
In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of this IOSurface's allocation is controllable by the userspace caller, so the calculated pointer can go out of bounds, leading to memory corruption. show more ...
In AppleAVD.kext, pixel buffers are mapped by calling AppleAVDUserClient::_mapPixelBuffer, which eventually calls AppleAVD::allocateKernelMemoryInternal. If the buffer is an IOSurface, the function calls IOSurface::deviceLockSurface before allocating memory by calling prepare. But when a pixel buffer is unmapped by show more ...
The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9. It has added enhanced alert and monitoring software and is offering complimentary credit monitoring and identity theft protection services to those whose personal information may have been compromised in the breach.
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information
Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and documents. Included among those fired were contractors who worked as security guards at the social media
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right
A UK police force has apologised after it published the names and addresses of victims of sexual assault on its website. Suffolk Police says that it has launched an investigation into how victims' names, addresses, dates of birth, and details of reportedly hundreds of alleged offences were left on public view. Read more in my article on the Hot for Security blog.
