Episode 278 of the Transatlantic Cable kicks off with news that the previous Twitter hack, back in 2021, is actually much larger than initially suspected. Not great news for the already troubled social media site. From there, the team discuss recent news that nightclub owners in Miami are struggling with slumping show more ...
Our experts have discovered an attack of a new Trojan, which they dubbed CryWiper. On the first glance, this malware acts as a ransomware: it modifies files, adds a .CRY extension to them, and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, the contact e-mail address of the show more ...
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.
A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.
Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.
Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety.
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.
A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.
Abnormal Security took the wraps off of a Nigeria-based group ‘Lilac Wolverine’ that manipulates online users using COVID-19, emotional lures in BEC scams.
Dropbox has announced plans to bring end-to-end encryption to its business users, and it’s doing so through acquiring “key assets” from Germany-based cloud security company Boxcryptor. Terms of the deal were not disclosed.
Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers.
CashRewindo threat actor is back with effective, creative, and cloaked landing pages to target victims in Europe and North and South America with fake investment schemes. The group uses old domains that were registered years ago and have no involvement in any malicious activity, to build trust and bypass security show more ...
A vulnerability in IBM Cloud databases for PostgreSQL could have allowed attackers to launch a supply chain attack on cloud customers by breaching internal IBM Cloud services and disrupting the hosted system's internal image-building process.
The investment, led by Advent International, brings HYPR’s total funds raised to $97 million and includes participation from existing investors including .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures.
More than 2.2 million patients across almost 120 pediatric physician practices and practice groups in the U.S. may have had their data compromised by a breach at pediatric health IT vendor Connexin Software in August, according to HealthITSecurity.
FBI has observed Cuba ransomware actors continuing to target U.S. entities across five critical infrastructure sectors: Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.
Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware.
DuckLogs includes mainly an information stealer and a remote access trojan (RAT) component, however, it has more than 100 individual modules that target specific applications.
The conspiracy is said to have resulted in at least $30m of stolen benefits designed to help the unemployed during the pandemic. The case highlights the persistent threat of fraud facing government organizations and the risks of malicious insiders.
Security researchers at Yuga Labs found that vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles.
Salvadoran digital newspaper El Faro's employees filed a lawsuit in a US federal court on Wednesday against NSO Group, alleging the Israeli firm's controversial Pegasus software was used to spy on them.
North Korea-linked APT37, aka ScarCruft, was found leveraging a previously undocumented backdoor, named Dolphin, against South Korean entities. The latest discovery links back to a watering-hole attack in 2021 on a South Korean online newspaper reporting on activity and events related to North Korea. So far, four show more ...
The Office for Civil Rights is warning covered entities that they might be sharing protected health information with third-party tracking vendors like Facebook and Google through their use of pixel tech, in a manner that violates the HIPAA.
Classes are canceled for the third day in a row in a Gloucester County school district due to technical problems caused by an "unauthorized third party," according to notifications from the district.
The team at HP Wolf Security found that cybercriminals are using archive files as the preferred method for spreading malware, beating Microsoft Office for the first time.
The affected details include the names and addresses associated with customers’ accounts as well as the bank details used to set up direct debit payments. The company said it is writing letters to the affected customers.
The $26 million Series B brings the total raised by Pangea to $51 million and underscores a push by venture capital investors to bet on companies that help developers embed security services and APIs into their cloud applications.
As shared in a now public report on the Android Partner Vulnerability Initiative (AVPI) issue tracker, this abusive use of platform keys was discovered by ?ukasz Siewierski, a Reverse Engineer on Google's Android Security team.
The new Go-based malware threat, dubbed Redigo by Aqua Nautilus researchers, has been targeting Redis servers vulnerable to CVE-2022-0543 to gain backdoor access and execute commands.
In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally.
A cybercrime group based in Nigeria is targeting businesses in the United States and Western Europe with a plethora of scam emails as part of a larger campaign of business email compromise (BEC) attacks.
After a recent data leak report, Check Point Research (CPR) has published a new advisory analyzing the exposed files and confirming the leak includes 360 million phone numbers from 108 countries.
The official Vatican website was taken offline on Wednesday following an apparent hacking attack, the Holy See said. "Technical investigations are ongoing due to abnormal attempts to access the site," Vatican spokesman Matteo Bruni said.
According to the Netwrix 2022 Cloud Security Report, compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure.
Accuro, a New Zealand health insurer, says a cybersecurity incident has compromised its ability to access systems but it's not yet known whether customer data is exposed.
This archive contains all of the 69 exploits added to Packet Storm in November, 2022.
Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Ubuntu Security Notice 5758-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5757-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5757-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5756-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5755-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did show more ...
Debian Linux Security Advisory 5292-1 - The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation.
Ubuntu Security Notice 5743-2 - USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked show more ...
Ubuntu Security Notice 5754-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in show more ...
Backdoor.Win32.Delf.gj malware suffers from an information leakage vulnerability.
IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website.
Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke Read more in my article on the Tripwire State of Security blog.
