A new approach to protecting information systems is currently gaining popularity in the cybersecurity world: cyber immunity. Systems based on this approach need no antivirus since they're so well-protected that any hacking attempt would be too hard and prohibitively expensive to carry out successfully. Sounds too good to be true? Believe it or not, it's already becoming a reality. Let's explain in simple terms how exactly cyber immunity works in practice.

We'll start with the concept of a trusted computing base (TCB), which every information system must have. This is code that developers have no choice but to trust, since it's used to implement the security-critical components of the system. Because this code is so vital, to safeguard a system we must first ensure the security of its TCB. How? We suggest the following three principles:

- Minimizing the TCB
- Isolating components from each other
- Maintaining strict control over all interactions of those components

Let's look at these three principles in more detail.

1. Minimize the TCB

The TCB should contain as few lines of code as possible. After all, the less code, the smaller the attack surface and the fewer vulnerabilities in it. For this reason, a cyber immune operating system needs a microkernel architecture. The most popular modern operating systems, such as Windows and Linux, were originally built with functionality and ease of development in mind, meaning they use a monolithic kernel, which is a major disadvantage. That's because such kernels contain all sorts of stuff, from interrupt control code to drivers. The result is millions of lines of code, with their number only growing from version to version. A microkernel, on the other hand, is limited to the mechanisms critical for operation, amounting to no more than a few tens of thousands of lines of code. Everything else (drivers, file systems, etc.) runs as services in user mode.

According to a relevant study:

- 96% of critical vulnerabilities in traditional operating systems would not be critical in a microkernel OS.
- Up to 40% of critical vulnerabilities would not be possible at all.
- 57% of all vulnerabilities would be low severity.

Thus, a microkernel implementation renders entire classes of cyberattacks obsolete by default.

2. Isolate components from each other

A cyber immune system is heterogeneous. It's divided into specific security domains according to the code's level of trust, with all components isolated from each other by means of these domains. If any system component is hacked, the intruder won't be able to access neighboring ones and expand the attack through them. This makes it possible to use third-party components (for example, open-source code) without compromising the security of the system. Isolation significantly reduces both the cyber-risks involved in using third-party code and the labor costs required to create a secure system.

3. Control all interactions

All interactions among system components are carefully controlled by a special module: the security monitor. The security monitor checks every interaction between components for compliance with the security policies. If an interaction is valid, it's allowed; if not, it's blocked. The potential attacker's capabilities are significantly reduced as a result. The security monitor concept is based on the widely used FLASK architecture, which entails the separation of Policy Decision Points and Policy Enforcement Points. Using a security monitor eliminates the risk of entire classes of cyberattacks by ruling out any interactions that are not explicitly stated in the security policies.

Putting all three principles together, we get the following scheme: all entities are isolated, and they communicate with each other only through the microkernel, with such communication always checked for compliance with the security policies.

It is these three principles that form the basis of our operating system: KasperskyOS. KasperskyOS is built upon its own microkernel (not Linux) with around 100,000 lines of code, and employs the MILS and FLASK architectural approaches to provide isolation and control of interactions. This makes KasperskyOS the perfect tool for creating cyber immune products.
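The scheme above, modelled as an added example that is not KasperskyOS code: isolated components that can only reach each other through kernel IPC, a FLASK-style Policy Decision Point that answers allow/deny, and a Policy Enforcement Point in the kernel's send path that defaults to deny and records every blocked call. The component names (net_driver, app, storage), their methods and the policy rules are made up for the illustration.

```python
# Toy model of the three principles above, added for illustration only: it is
# not KasperskyOS code, and the component names, methods and policy are made up.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str            # calling component
    dst: str            # called component
    methods: frozenset  # interface methods the policy allows on this edge

class PolicyDecisionPoint:
    """FLASK-style PDP: decides allow/deny, never touches the data path."""
    def __init__(self, rules):
        self._allowed = {(r.src, r.dst): r.methods for r in rules}
    def decide(self, src, dst, method):
        return method in self._allowed.get((src, dst), frozenset())

class MicroKernel:
    """Isolated components only reach each other through kernel IPC, so the
    Policy Enforcement Point lives in send(): default deny, denials logged."""
    def __init__(self, pdp):
        self._pdp, self._handlers, self.audit = pdp, {}, []
    def register(self, name, handler):
        self._handlers[name] = handler
    def send(self, src, dst, method, payload=None):
        if not self._pdp.decide(src, dst, method):
            self.audit.append((src, dst, method))   # material for detection
            return (False, None)                    # status back to the caller
        return (True, self._handlers[dst](method, payload))

def build_system():
    """Three domains: an untrusted net_driver, an app, and a storage service."""
    store = {"config": "secret-value"}              # constructed sample data
    def storage(method, payload):
        if method == "read":
            return store[payload]
        store.update(payload)                       # "write"
        return "ok"
    def app(method, payload):                       # app reads config on request
        return kernel.send("app", "storage", "read", payload)[1]
    policy = PolicyDecisionPoint([
        Rule("net_driver", "app", frozenset({"deliver"})),
        Rule("app", "storage", frozenset({"read", "write"})),
        # no rule from net_driver to storage: that interaction simply does not exist
    ])
    kernel = MicroKernel(policy)
    kernel.register("storage", storage)
    kernel.register("app", app)
    return kernel
```

A hijacked net_driver calling storage directly gets a denied status and an audit entry, while the declared path net_driver -> app -> storage still works, because each hop is checked separately by the same PEP.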
Cyber immunity is no longer a sci-fi concept. The concept already underpins various products, such as cyber immune IoT gateways and cyber immune thin clients. And the list is only set to grow. Thus, the rapidly approaching future will become overall more secure. In the words of ARC Advisory Group: Cyber Immunity can be the new foundation for how digital transformation can be implemented more securely.
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in a spate of malicious incidents.
The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.
The Czech presidency of the EU Council has circulated the first compromise on the Cyber Resilience Act, dated 18 November and obtained by EURACTIV, making hefty editing to the proposal’s scope and free movement clause.
In a recent report, Forrester analysts warned of a looming major security breach at a large enterprise in 2023 rooted in business users using low-code/no-code (LCNC) solutions.
Since the commencement of the EU-backed Maritime Unmanned Navigation through Intelligence in Networks (MUNIN) project, Maritime Autonomous Surface Ship (MASS) technologies, infrastructures, and the overall ecosystem have developed rapidly.
Cisco said the problem affects its Secure Email Gateway product, formerly known as Cisco Email Security Appliance (ESA), when running with a default configuration. It told SecurityWeek that this is not a vulnerability in the product itself.
The New Zealand government’s cyber security agency has recorded a “massive” jump in online fraud, with scammers draining nearly $9 million from unsuspecting victims in just three months.
CEO Doug Taylor said in a statement the hack was an attempt to steal money from the charity, but that the attempt was "unsuccessful". "We immediately took steps to secure our systems," Taylor said.
The Pentagon officially unveiled a zero trust strategy and roadmap today, laying out how DoD components should direct their cybersecurity investments and efforts in the coming years to reach a target level of zero trust maturity over the next five years.
The human-operated Lorenz ransomware campaign is well-known for its big-game hunting of larger organizations and has claimed victims in both the healthcare and public health sectors.
With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly in the long term.
The hack took place in June, but the school waited until this week to inform the families after it deemed that the number of people whose information had been stolen was much greater than it first thought.
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.
A unit of the Russian internet and media regulator Roskomnadzor confirmed Saturday that hackers had breached its systems after the Belarusian hacktivist group known as the Cyber Partisans claimed to attack the organization.
The stark dissonance between the highs of 2021 and what seems to be a cooled-off 2022 has some security professionals and CEOs concerned that this downturn will become the new long-term reality.
This week, BleepingComputer found a sample of an encryptor for the Donut operation, aka D0nut, showing that the group is using its own customized ransomware for double-extortion attacks.
According to IBM's cyber-resilience report, the top three reasons why cyber resiliency has not improved are the silos and turf issues, fragmented IT and security infrastructure, and lack of visibility into applications and data assets.
In a new report by Bitdefender, analysts discovered the new Android trojan apps disguised as file managers and reported them to Google. All of them have since been removed from the Google Play Store.
RansomExx is a ransomware that first emerged in 2018 under the name Defray. Since then, the malware has undergone multiple changes, with the latest updates being written in the Rust language.
Radio Free Asia, a U.S. government-sponsored news outlet, announced a breach this week that affected almost 4,000 people – leaking troves of personal information including Social Security and passport numbers, as well as financial data.
BleepingComputer researchers have found new samples of an encryptor for Donut ransomware and confirmed that it is using its own customized ransomware in recent attacks.
A Russian hacking outfit has claimed to have taken down the website of the Prince of Wales over the UK's continued support for Ukraine. Killnet said it had launched the attack "due to the supply of high-precision missiles to Ukraine".
The inner workings of yet another ransomware group have been laid bare after internal messages were leaked online, suggesting the Yanluowang group was actually run by Russian speakers.
The Google Cloud team identified 34 different hacked releases of Cobalt Strike in the wild. Researchers found versions of the Cobalt Strike JAR files ranging from 1.44 (circa 2012) up to the latest version, 4.7.2.
RansomExx2 has been completely rewritten using Rust, but otherwise, its functionality is similar to its C++ predecessor. It requires a list of target directories to encrypt to be passed as command line parameters and then encrypts files with AES-256.
The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of December 4 to pay the ransom.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Ubuntu Security Notice 5737-1 - It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a program or process using these functions crash, and cause a denial of service.
Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 5735-1 - It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution.
Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.
Red Hat Security Advisory 2022-8598-01 - The redhat-virtualization-host and ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-8580-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
Ubuntu Security Notice 5734-1 - It was discovered that FreeRDP incorrectly handled certain data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was separately discovered that FreeRDP incorrectly handled certain other data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information.
Fueling the trend are the rising adoption of cloud computing solutions, technology advancements, stricter data safety regulations, and the move to digitalization, says Brandessence Market Research.
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there are no
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled out Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan,
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from looting
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem
Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online, resulting in $224 billion in e-commerce sales. To ensure your e-commerce site is ready for the holiday rush
Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020.
$100 million. That's the amount of money that the Hive ransomware is thought to have extorted from over 1300 companies around the world, according to a joint report from the FBI, CISA, and HHS. Read more in my article on the Hot for Security blog.