In November 2022, the U.S. National Security Agency issued a bulletin on RAM handling security. If you look at other NSA bulletins on the topic, you'll notice that they mostly focus on either data encryption, or production loop protection and other organizational issues. Addressing software developers directly is quite an unusual move for the agency. But since it's been done, it's clearly about something particularly important. Basically, the NSA is urging software developers to switch to programming languages whose architecture implies increased safety when working with memory, and in fact to stop using C and C++. Otherwise, it recommends that a set of measures be implemented to test software for vulnerabilities and prevent their exploitation. For programmers, these are fairly obvious things, and the NSA's call is not directly addressed to them, but rather to management or business representatives. It was drafted in wording clear to businesses. Let's try to analyze the arguments presented in it without being too technical.

Memory safety

Let's open our latest Report on threat evolution for Q3 2022 and take a look at the vulnerabilities most commonly used in cyberattacks. In first place there's still CVE-2018-0802, a vulnerability in the Equation Editor component of the Microsoft Office suite discovered back in 2018. It's caused by incorrect data processing in RAM, as a result of which opening a malicious Microsoft Word document could lead to the launch of arbitrary code. Another vulnerability popular with criminals is CVE-2022-2294 in the WebRTC component of the Google Chrome browser. It leads to execution of arbitrary code as a result of a buffer overflow error. Another vulnerability, CVE-2022-2624, in Chrome's PDF viewer tool, may also lead to a buffer overflow. Of course, not all software vulnerabilities are caused by insecure RAM handling, but many of them are. The NSA bulletin cites Microsoft's statistics that memory-handling errors cause 70% of discovered vulnerabilities.

According to Microsoft statistics, two-thirds of vulnerabilities happen due to memory bugs.

Why does this happen? If the issue of memory leaks is so serious, why can't we somehow get ourselves together and stop writing vulnerable code?
The root of the problem is the use of the C and C++ programming languages. Their architecture gives developers a lot of freedom in working with RAM. But together with freedom comes responsibility: C/C++ programmers have to implement mechanisms for safe data writing and reading themselves. High-level programming languages such as C#, Rust, Go, and others take care of that. The point is that when the program source code is compiled, the means of safe memory handling are introduced automatically, and developers don't need to spend time on that. Rust goes even further, up to refusing to compile potentially dangerous code and displaying an error to the programmer. Of course, simply giving up C/C++ is not feasible while these languages remain indispensable for certain tasks, such as code for MCUs or other devices with serious limitations on computing power and memory size. Other things being equal, high-level programming languages may produce more resource-intensive programs. But common threat stats show us that attacks most frequently target common user software (like browsers and text editors), which runs on very powerful computers (compared to MCUs, of course).

You can't just change the programming language

The NSA is well aware of this. A huge software codebase written in unsafe programming languages cannot be ported to another language overnight. Even if we are talking about writing a software product from scratch, there may well be an established team, infrastructure, and development methods built around a particular programming language. If you want an analogy, imagine being asked to move out of your house just because it was built a long time ago. You know that the structure is perfectly sound, that it would only collapse given a major earthquake, and, besides, you're used to living there.
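To make concrete what "implementing safe reading and writing yourself" means in C, here is an added example written for this page; it is not code from the NSA bulletin, from Kaspersky, or from any project named above. It parses a constructed, length-prefixed record format in which the declared length is untrusted input: the parser checks that length against both the bytes actually present and the size of the destination before copying a single byte, which is exactly the check a memory-safe language enforces automatically and C leaves to the programmer. The record format, the function names, and the sample input are all assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of parsing one record. */
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LARGE = 2 };

/*
 * Parse one record from buf[0 .. buf_len). The constructed format is a 1-byte
 * length followed by that many payload bytes (hypothetical, for illustration).
 *
 * The declared length comes from the input and is therefore attacker-controlled.
 * The classic C defect is to trust it and call memcpy() straight away, reading past
 * the end of buf or writing past the end of out. Nothing in the language stops
 * that, so the bounds checks below have to be written and maintained by hand.
 */
enum parse_status parse_record(const uint8_t *buf, size_t buf_len,
                               uint8_t *out, size_t out_size,
                               size_t *out_len, size_t *consumed)
{
    if (buf_len < 1)
        return PARSE_TRUNCATED;                 /* not even a length byte */

    size_t declared = buf[0];

    if (declared > buf_len - 1)
        return PARSE_TRUNCATED;                 /* claims more bytes than exist */
    if (declared > out_size)
        return PARSE_TOO_LARGE;                 /* would overflow the destination */

    memcpy(out, buf + 1, declared);             /* both bounds verified above */
    *out_len = declared;
    *consumed = 1 + declared;
    return PARSE_OK;
}

/*
 * Walk a buffer of consecutive records, stopping at the first malformed one.
 * Returns how many records were parsed successfully.
 */
size_t count_valid_records(const uint8_t *buf, size_t buf_len)
{
    uint8_t scratch[16];                        /* fixed-size destination */
    size_t count = 0, pos = 0;

    while (pos < buf_len) {
        size_t len = 0, used = 0;
        if (parse_record(buf + pos, buf_len - pos,
                         scratch, sizeof scratch, &len, &used) != PARSE_OK)
            break;
        pos += used;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: two well-formed records, then one whose length byte
     * (0x40) claims more bytes than remain and is also larger than scratch[]. */
    const uint8_t input[] = { 3, 'a', 'b', 'c', 2, 'x', 'y', 0x40, 'z' };

    printf("valid records: %zu\n", count_valid_records(input, sizeof input));
    return 0;
}
```

The point of the two separate checks is that they guard two different buffers: the first prevents an over-read of the input, the second an over-write of the output. Static analyzers and fuzzers, the testing measures the NSA bulletin recommends, are largely in the business of finding places where one of these checks is missing.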
The Google Chrome developers' team has a post that explicitly states that they can't switch right now to another programming language (in this case, Rust) in which security is built into the architecture. It could be possible in the future. But right now, they need other solutions. The same Google Chrome developers' post also explains why you can't fundamentally change the security of C/C++ code: these programming languages simply weren't designed to solve all compilation problems in one fell swoop. That's why the NSA bulletin mentions two sets of measures as an alternative: testing code for potential vulnerabilities with dynamic and static analysis techniques, and using features that prevent exploitation of a code error even if it's already there.

Changeover challenges

Technical experts agree on the whole with the NSA's opinion. Experts may have varying opinions on how exactly we can switch to high-level programming languages in cases when the need for that arises from, among other things, security requirements. Firstly, it's important to understand that if such a move occurs, it'll take many years. Secondly, evolution like this has a price, one not every business is prepared to pay. The problem of unsafe memory handling in programming languages with a low abstraction level is a systemic problem. Calling for a radical solution is necessary, but don't expect everyone to be switching tomorrow to developing in C#, Go, Java, Ruby, Rust or Swift. Just like you could hardly make a whole city or country switch to… vegetarianism, or some other extreme change overnight. Finally, the problem of insecure memory handling may be an enormous one, but it's far from the only issue regarding software safety. In the several decades of the IT industry's existence, it's never been possible to create a universal, completely safe system for all tasks (except highly specialized solutions).
From a business point of view, it makes sense to invest both in new technologies (by developing the corresponding skills and hiring specialists with experience) and in maximum protection of existing technologies. For software development, that may mean new programming languages and technologies for testing existing code. For any other business, it means investing in new technologies to protect against cyberattacks, as well as constantly testing the strength of existing infrastructure. In other words, a comprehensive approach to safety is optimal, and will remain so for a long time to come.
Extending multifactor authentication to include device identity assurance offers more authentication confidence than what multiple user-identity factors can by themselves.
There's no quick fix after decades of underinvestment, but the process has started. Cybersecurity grants, mandatory reporting protocols, and beefed-up authentication requirements are being put in place.
Microsoft warns that the Kremlin is ramping up cyberattacks against infrastructure and supply chains and starting disinformation campaigns as Russian troops lose on the battlefield.
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
The threat actors used social engineering tactics such as calling employees and impersonating IT staff to harvest credentials or using Telegram and SMS messages to redirect targets to custom-crafted phishing sites that feature the company's logo.
North Korean threat group Lazarus was seen launching fake cryptocurrency apps under the self-made BloxHolder brand. The group’s motive appears to be deploying the AppleJeus malware for initial access which, in turn, is utilized to penetrate networks and extract crypto assets. The new campaign allegedly began in June 2022.
The use of infostealer malware has surged in recent months to allow criminal actors to quickly gain access to usernames, passwords, and cookies at a very low cost, the research showed.
Collectively called BMC&C, the newly identified issues can be exploited by attackers having access to remote management interfaces such as Redfish, potentially enabling adversaries to gain control of the systems and put cloud infrastructures at risk.
Cybersecurity disclosure and regulations could either spur a positive credit environment or cause unintended consequences if not well managed, according to Moody’s Investor Service.
A group of hackers has posted a trove of approximately 50GB of data for sale on two online forums and a Telegram group. The data was posted on 26 and 27 November 2022. This was revealed to Hackread.com by researchers at VPNMentor.
Cyber extortion remains a top threat, but its geographical reach is shifting, Orange Cyberdefense (OCD) found in the Security Navigator 2023, the latest edition of its annual report on the threat landscape, released on December 1, 2022.
“In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media, and online retailers in 43 countries.
A joint advisory by the CISA and the FBI revealed that the Cuba ransomware group attacked 100 organizations worldwide, between December 2021 and August 2022, raking in $60 million. In addition to deploying ransomware, the actors also use double extortion techniques to demand ransom from victim organizations. A key recommendation includes keeping all operating systems and software updated.
The education sector remained a popular target last month, particularly from Hive, a ransomware-as-a-service group, which even warranted a government alert in late November.
Kaspersky identified a new data wiper, dubbed CryWiper, that was used for destructive attacks against Russian mayors' offices and courts. CryWiper masquerades as ransomware and demands a 0.5 Bitcoin (approximately $8,000) ransom in exchange for a decryptor. However, it purposefully destroys the contents of files on the affected system, which makes the data non-recoverable.
According to a new advisory by CloudSEK, the hackers would have stolen personally identifiable information (PII), including names, Aadhaar numbers, Indian Financial System Codes (IFSC codes) and other details of numerous individuals.
The CISA has added one more security vulnerability to its list of bugs known to be exploited in attacks. In an advisory published right before the weekend, Google said it "is aware of reports that an exploit for CVE-2022-4262 exists in the wild."
Between operating with a drastic talent shortage, dealing with increased threat actor sophistication, and navigating decreased infosec budgets, cyber pros have been under immense pressure over the past few years.
"We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter," the company said.
Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.
The Canadian branch of Amnesty International said Monday it was the target of a cyberattack sponsored by China. The human rights organization said it first detected the breach on October 5 and hired experts to investigate.
While there are still very limited privacy standards in the United States, the Federal Trade Commission (FTC) is on the warpath in regard to data privacy, and its reach includes punitive actions against company executives too.
Hackers are abusing the open-source Linux PRoot utility in Bring Your Own Filesystem (BYOF) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.
The US Government Accountability Office (GAO) has urged several federal agencies to conduct cybersecurity-related assessments in an effort to improve the protection of certain critical infrastructure sectors.
Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository.
Russian hackers are using their presence inside the networks of organizations in the UK, US, and elsewhere to launch attacks against Ukraine, a new report from Lupovis has revealed.
At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the malicious activity to an adversarial collective tracked as APT42.
As per an Axway study, ensuring data security and controlling API sprawl were top concerns, with 68% worrying about complexity due to sprawl and 48% of respondents ranking “increased security challenges” as their single greatest concern.
Google warned of a highly critical zero-day described as a type confusion flaw in the browser's V8 JavaScript engine. Identified as CVE-2022-4262, the flaw could let a remote attacker potentially exploit heap corruption via a specially crafted HTML page. Hackers exploiting it can execute RCE-based attacks by serving untrusted code from a malicious page.
The Secret Service told NBC that it linked prolific Chengdu-based APT41 to the raids, which targeted Small Business Administration (SBA) loans and unemployment insurance funds in more than 12 states.
More than two in five (42%) of UK manufacturers have been a victim of cybercrime in the past 12 months, according to new research by Make UK and Blackberry. Of those organizations, over a quarter (26%) experienced substantial financial losses.
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.
A new report from Tenable outlined an emerging threat related to NETGEAR and TP-Link routers. According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event.
Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data that should not have been going to the cloud was doing so anyway in certain conditions.
This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post.
Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Ubuntu Security Notice 5761-2 - USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.
Red Hat Security Advisory 2022-8806-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.
Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-8792-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8790-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8791-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8793-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Ubuntu Security Notice 5761-1 - Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.
Global security technology provider with 20+ years of experience embraces the next evolution of its business with refreshed brand and invigorated leadership.
A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "
Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12
A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week. The
A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries
Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the