Episode 279 of the Transatlantic Cable kicks off with a troubling story about purported Chinese hacker group, APT41 attacking and stealing U.S. Covid relief payments, to the cool tune of $20 million. Whilst details are thin, concerns are being raised around just how much of the nearly $800 billion was actually used by show more ...
Now part of the multinational company Gen Digital, Avast has reputation for making effective security solutions to combat viruses and other threats. But how safe and reliable are they? In this post we examine why some users are suspicious of Avast, and whether you can still trust this developers products. Is Avast show more ...
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.
A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.
At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Potentially other EDR products affected as well.
A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.
If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.
After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.
Cybercrooks allegedly stole personal data, used it to file IRS tax documents, and routed refunds to bank accounts under their control.
Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.
Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
For even the most skilled hackers, it can take at least an hour to write a script to exploit a software vulnerability and infiltrate their target. Soon, a machine may be able to do it in mere seconds.
The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for the DDoS attacks against the bank. In November, the group of hacktivists announced the offensive on its Telegram channel.
This month’s update addresses 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addressed in patch level 2022-12-05.
In its most recent update, posted at 08:26 EST on Tuesday, Rackspace said it has now "determined this suspicious activity was the result of a ransomware incident," and has hired a "leading cyber defense firm to investigate."
It is alleged they conspired to break into US companies' servers, steal people's personally identifiable information (PII), use that info to file fraudulent tax returns to Uncle Sam, and collect victims' tax refunds.
The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. The disruption has affected services used by citizens, schools, daycare centers, and the police.
Within cloud containers, like virtual machines, secrets and sensitive information is used by applications and can pose a risk to other systems if discovered by attackers.
Secretary of Homeland Security Alejandro Mayorkas said national security and homeland security are now more interconnected than ever before, largely driven by the fact that U.S. adversaries can execute attacks “with a keystroke.”
The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021, through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server.
Hackers were found abusing the open-source Linux PRoot utility in Bring Your Own Filesystem (BYOF) attacks to offer a constant repository for malicious tools compatible with Linux distributions. Researchers reported one sample malicious filesystem packaged with masscan, Nmap, XMRig cryptominer, and the related configuration files.
The Swiss government has asked Parliament to amend the Information Security Act to make it mandatory for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre (NCSC).
A new report found Russian hackers compromising the networks of 15 healthcare organizations, a dam monitoring system, and others in the U.K and the U.S. to launch cyberattacks against Ukraine. They were seen boosting selected narratives online through state-affiliated media outlets and social media accounts to amplify the intensity of popular dissent over energy and inflation across Europe.
Despite fears of a looming recession, SMBs in the U.S. are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of U.S. SMBs estimate they’ll spend more on software in 2023 compared to 2022.
The White House held two international ransomware summits in the past two years, the first took place in 2021 and included 30 nations, plus the EU. The second summit took place from October 31 to November 1, 2022, with 36 countries plus the EU.
Researchers uncovered a persistent SIM swapping act by Scattered Spider to pilfer user credentials employed at telecoms and Business Process Outsourcing (BPO) firms. In all the attacks, the group used a multitude of ISP and VPN providers to gain access to Google Workspace environments, on-premise infrastructure, and AzureAD.
"The deputy head of Fars news agency, Abbas Darvish Tavanger, has been arrested for falsifying news," state broadcaster IRIB said late Monday. He would remain in custody during the investigation, it added.
Instead of leveraging the typical base64 encoding to evade detection, the attacker was adding variations of a PHP function to normal plugin files which decoded hex2dec from a second file containing a hexadecimal payload.
The state of Maryland banned the use of TikTok and other Chinese and Russian products by state agencies, citing reporting by NBC News about hackers linked to the Chinese government stealing millions in Covid benefits from U.S. state governments.
New Zealand's Privacy Commission has signaled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware.
Sophos has informed customers that Sophos Firewall version 19.5, whose general availability was announced in mid-November, patches several vulnerabilities, including ones that can lead to arbitrary code execution.
Threat actors can hijack machine learning (ML) models that power artificial intelligence (AI) to deploy malware and move laterally across enterprise networks, researchers have found.
A report by Accenture’s Cyber Threat Intelligence Team (ACTI) shed light on the higher demand for infostealer malware in underground forums and laid bare the lucrative factors supporting it. RedLine dominated the underground forums and was used in 56% of data breaches. Having threat intelligence on the latest show more ...
The researchers said in what appears as a new way to acquire victims cheaply and easily, attackers took over a defunct internet domain that previously hosted a JavaScript library decommissioned in December 2014.
Domain provider CSC analyzed threatening domains targeting 10 of the biggest brands in the world in a report published on December 6, 2022. These include Amazon, Walmart, McDonald’s, Tencent, Google, Microsoft, Apple, and Facebook.
This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its command-and-control server using the WebSocket protocol.
Meta is expected to face another large fine after Europe's data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp.
Founded in 2010 and having a market presence in over 55 countries, the Sao Paulo-based privileged access management (PAM) vendor officially launched its North American operations in August this year.
Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers.
The routing system security is critical to maintaining privacy online and ensuring information isn’t hijacked by malicious actors and that the information an organization sends — and receives — is trustworthy.
The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific.
More than 40 educational organizations, including 15 in the United States, suffered ransomware attacks launched by the cybercriminal group known as Vice Society, researchers at Palo Alto Networks revealed in a report published Tuesday.
New Musk followers are being added to a "Deal of the Year" list on Twitter that lures them into depositing small crypto amounts into the attackers' wallet with the false promise of receiving up to 5000 Bitcoin in return.
SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction.
Red Hat Security Advisory 2022-8880-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.
Red Hat Security Advisory 2022-8876-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.2 includes security and bug show more ...
Ubuntu Security Notice 5763-1 - It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that NumPy did not show more ...
Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.
Red Hat Security Advisory 2022-8831-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
pixman versions prior to 0.42.2 suffer from an out-of-bounds write vulnerability in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Red Hat Security Advisory 2022-8832-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8833-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5296-1 - Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be show more ...
Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.
Cisco's annual Security Outcomes Report shows executive support for a security culture is growing. It identifies the top seven success factors that boost enterprise security resilience, with a focus on cultural, environmental, and solution-based factors that businesses leverage to achieve security.
A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also
Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups
Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital
The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include
A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, and is broadly known by the cybersecurity community as Blue Callisto,
The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks
