The pandemic completely reshaped the e-mail threat landscape. The mass shift over to remote working and the inevitable transfer of most communications to the online format has stimulated a rise in both phishing and BEC attacks. The increased flow of business correspondence has made it far easier for cybercriminals to show more ...
Humanitarian groups, local governments and non-profits will be able to use Cloudflare’s Zero Trust One suite of security tools at no cost, the company announced. The post Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups appeared first on The Security Ledger with Paul F. Roberts. Related show more ...
Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.
SIEM and XDE made a lot of promises, but they don't quite live up to the SOC team's standards.
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBoM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.
Vohuk, ScareCrow, and AESRT add to the ransomware chaos that organizations have to contend with on a daily basis.
OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.
Veracode has acquired Crashtest Security to enhance the existing DAST capabilities available as part of Veracode’s Continuous Software Security Platform and broaden customer access globally.
The platform exposed user names, surnames, country of residence, and email addresses in plaintext, as well as occupation status, phone, and passport numbers. The leak was possible because of poor security measures.
A recent study led by Marleen Weulen Kranenbarg, assistant professor of criminology at Vrije University in Amsterdam, sheds new light on the specific personal characteristics of digital offenders.
The investor is the Qatar Investment Authority, which values Snyk at $7.4 - a figure 13% less than Snyk's $8.5 billion valuation in September 2021 following a $530 million Series F round.
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022.
While Rackspace has not confirmed that any data has been compromised, California-based law firm Cole & Van Note has filed a lawsuit that describes the incident as a data breach. The lawsuit has been filed in the Western District of Texas.
Early Saturday morning, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.
According to a study by Atlas VPN, 59.58 million samples of new Windows malware were found in the first three quarters of 2022 and these make up 95.6% of all new malware discovered during that time period.
The Silicon Valley-based email security vendor says its agreement to purchase New York-based Illusive will allow Proofpoint to add identity risk discovery and remediation and post-breach defense to its threat and information protection platform.
In a statement on its website posted early Monday, LockBit announced that it targeted systems belonging to the California Department of Finance and gave the agency a December 24 deadline, when it is threatening that it will publish the stolen files.
The skills shortage is not going to disappear overnight. However, with steps to improve security awareness, organizations can adjust their approach to their cybersecurity posture and build a foundation that supports the cybersecurity team.
The cost of the cyberattack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m). The figures come from a letter from HSE chief information officer Fran Thompson sent to Aontú leader Peadar Tóibín.
Over the weekend, Emsisoft threat analyst Brett Callow noticed that the Play ransomware operation started listing Antwerp as one of its victims. This Antwerp entry on the data leak site claims that 557 GB of data was stolen during the attack.
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems.
Babuk ransomware has been renovated as threat actors have combined Babuk’s leaked source code with open-source evasive software and side-loading techniques to create a previously-unseen variant. Hackers used this new variant to target a multibillion-dollar manufacturing enterprise with over 10,000 servers and workstations.
Similar to StealthWorker, GoTrim also utilizes a bot network to perform distributed brute-force attacks. The earliest sample that the Fortinet researchers found was from September 2022. That campaign is still ongoing.
The new backdoor was discovered by Juniper Networks researchers, who found the backdoor on a VMware ESXi server. However, they could not determine how the server was compromised due to limited log retention.
The four individuals, Joel Zubaid, 55, David Goran, 56, Julian Rebiga, 55, and Martin Mizrahi, 51, are charged with defrauding victims of more than $9.2 million and laundering the proceeds, an indictment unsealed last week reads.
A Brooklyn hospital group that serves patients in some of New York’s poorest neighborhoods has been battling the consequences of a cyberattack that forced some critical services offline.
The White House’s aggressive deadlines for agencies to develop post-quantum cryptography strategies make the U.S. the global leader on protection, but the transition will take at least a decade, experts say.
A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority of whose owners are unaware that their data has been compromised.
Russian-speaking hacking group Silence dropped the TrueBot malware downloader on over 1,500 systems worldwide to deploy their set of hacking tools, including Grace malware, Cobalt Strike, Teleport, and Cl0p ransomware. Teleport is a new custom data leakage tool created by the group. It uses Truebot downloader to show more ...
Paying the piper emboldens the criminal syndicates behind the hackers and only serves to buttress ransom demands, opening the door to more attacks and burdening the consumer with higher prices.
A previously undocumented malware, dubbed Drokbk, was linked to an Iranian hacker group known as Nemesis Kitten (aka DEV-0270). The malware uses GitHub as a dead drop resolver to extract data from a compromised system or to receive commands. The malware is written in .NET and is deployed post-intrusion to achieve persistence. It contains a dropper and a payload to execute remote server commands.
Pwn2Own paid out almost $1 million to bug hunters at last week's event in Toronto, but the prize money wasn't big enough to attract attempts at cracking the iPhone or Google Pixel because miscreants can score far more from less wholesome sources.
According to Fortinet, three new (typical) ransomware families, named Aerst, ScareCrow, and Vohuk, are being increasingly used in attacks. The core target of the malware infection remains users in Germany and India. Experts have jotted down some similarities between ScareCrow and Conti, suggesting the former’s developer might have referred to the leaked Conti source code.
The attacks involved an email campaign in which hackers sent out messages purportedly on behalf of Ukraine’s State Emergency Service with tips on how to identify a kamikaze drone.
With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
A severe security flaw in the Amazon Elastic Container Registry (ECR) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.
Trend Micro researchers spotted a cryptocurrency mining campaign against Linux machines using the open-source Chaos RAT to deploy Monero miner, among other functions. The main server is located in Russia and uses cloud-bulletproof hosting to hide its whereabouts. Experts suggest individuals and organizations stay show more ...
The fallout from many of the cyberattacks on third-party vendors resulted in impacts for multiple connected providers, with two of these vendor incidents affecting hundreds of healthcare providers.
Judging Management System version 1.0 a remote shell upload vulnerability.
Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) malware suffers from an insecure proprietary password encryption vulnerability.
Ubuntu Security Notice 5775-1 - It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An attacker show more ...
Red Hat Security Advisory 2022-8915-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.
Red Hat Security Advisory 2022-8932-01 - Red Hat OpenShift Serverless Client kn 1.26.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.26.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Debian Linux Security Advisory 5300-1 - Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.
Ubuntu Security Notice 5774-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Red Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This show more ...
Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This show more ...
Ubuntu Security Notice 5773-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did show more ...
Ubuntu Security Notice 5754-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in show more ...
Ubuntu Security Notice 5756-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was show more ...
Ubuntu Security Notice 5772-1 - It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was show more ...
Ubuntu Security Notice 5767-2 - USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash.
Ubuntu Security Notice 5771-1 - USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache log to be filled with many Vary loop messages. This update fixes the problem. Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious show more ...
Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2022-8958-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
Red Hat Security Advisory 2022-8961-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red show more ...
Red Hat Security Advisory 2022-8959-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
Red Hat Security Advisory 2022-8965-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-8940-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2022-8963-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red show more ...
Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-8957-01 - This release of Red Hat build of Quarkus 2.7.6.SP3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a deserialization vulnerability.
Red Hat Security Advisory 2022-8962-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red show more ...
Ubuntu Security Notice 5776-1 - It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. It was discovered that containerd incorrectly set up inheritable file show more ...
Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.
Jira, Confluence,Trello, and BitBucket affected.
Former Head of Security at Stripe and Distinguished Security Engineer at Google joins cloud security leader to help scale security excellence across customer base.
Enterprises can now adopt the industry's most comprehensive Zero Trust Network Access 2.0 to secure access to all applications from any device.
1Password's annual State of Access report reveals that distracted employees are twice as likely to do the bare minimum for security at work.
Research from Marlin Hawk also shows a 15% increase in CISOs holding STEM-related degrees year-over-year, diversifying the succession talent pool.
An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests,
Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an show more ...
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared
