One of the most popular secure messengers, Threema, found itself at the center of a scandal this week. Researchers at ETH Zurich, a public research university in Switzerland, found seven (7!) vulnerabilities in Threema's protocols. Meanwhile, the app's developers downplayed the bugs, blogging that they'd resolved all issues within a few weeks and that none of them ever had any considerable real-world impact. So what's really going on, and should you switch to Signal right away?

It's hard to get to the bottom of the Threema scandal, because both sides' behavior, while civilized, isn't ideal. The ETH Zurich team has clearly overstated the significance of its work, which describes not only vulnerabilities but also hypothetical exploitation scenarios, while Threema's developers are clearly understating the seriousness of the vulnerabilities — claiming they're near impossible to exploit. For those interested only in practical takeaways, we suggest jumping straight to them (at the end of this post).

Threema vulnerabilities

All vulnerabilities were responsibly disclosed in October and promptly fixed. According to both sides, there was no in-the-wild exploitation of the vulnerabilities, so there appear to be no grounds to fear disclosure of information regarding them. That said, there's still reason for concern. Let's focus on what can be gleaned from a careful read of the ETH Zurich report, the Threema statement, and other publicly available studies into the Threema app and its protocols.

The app uses strong cryptographic algorithms with a robust, standardized NaCl implementation. However, this is wrapped in Threema's own information exchange protocol — whose implementation is imperfect. This raises the possibility of various theoretical attacks (such as sending a message in a group chat that looks different to different recipients), as well as some rather practical ones. For example, anyone with physical access to the target smartphone will be able to read the Threema databases and backups on it relatively easily — if no passphrase has been set to protect the app. It's also possible to clone a Threema ID, allowing an attacker to send messages in the victim's name (but not at the same time as the victim).

Of course, all scenarios involving physical access to a smartphone are mostly worst-case for any app, and they're incredibly difficult to defend against. Some of the proposed hypothetical attacks through the new vulnerabilities would work only if an attacker has full control over the data exchange network. But that in itself isn't enough; other complex exploitation conditions are also required. For example, one scenario requires forcing the victim to send a message with very strange content through Threema. That's unlikely to work in practice.

Of the flaws in the communication protocol itself, the most disturbing is the lack of future secrecy. That is, having decrypted one message, you can decrypt later ones. This weakness has been known for some time, which is apparently why, in December, Threema announced a fundamentally new, more secure version of its protocol. This new protocol — Ibex — has yet to undergo independent security audits. We can only take the developers at their word when they say that it covers all facets of modern practical cryptography. Threema would be wise to heed the advice of ETH Zurich to externally audit the protocols in the early stages of development — not after releasing them.

To exploit some of the vulnerabilities, the Threema server would have to be compromised, and someone on the operator side would have to deliberately try to steal exchanged data or disrupt communication. This is important for organizations that use Threema Work: if a company can't expose its data even to a hypothetical risk, it should consider switching to Threema OnPrem, where it will have its own internal Threema server. In this case, the administrators need to explore ways to strengthen server security (known as hardening).

App developers, too, need to draw lessons from this situation. "Don't concoct your own cryptographic algorithms!" cryptography experts scream endlessly (Telegram, for one, didn't listen). But Threema's developers employed time-tested cryptographic algorithms with their correct, standard implementation! A number of bugs crept in because that standard cryptography was used inside a home-grown client-server communication protocol, deployed instead of standard TLS. Looks like the experts should have screamed "Don't concoct your own cryptographic algorithms and protocols!"

Practical takeaways

If you chose Threema believing it's the most encrypted messenger, don't mind using your phone number with an instant messenger, and don't want to get bogged down in technical details, you're better off switching to Signal. As proven by real hacks and court orders, Signal's cryptography and data storage principles are more robust and resistant. If you have to use Threema as your main working messenger, or you like that your Threema ID isn't linked to your phone number, you can carry on using it, but just be aware of the risks. They may be hypothetical — but they cannot be completely discounted. Be sure to double-check and verify the Threema IDs of new contacts offline, and use passphrases for secure login. Medium and large organizations that use Threema in their business processes should seriously consider migrating to Threema OnPrem to have full control over the messenger servers.
Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails.
High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it.
Seven years on, millions of Ukrainians experience power outages on a daily basis, sometimes several times a day for between 3 and 10 hours. Even when the power comes back, homes can lack heating and running water.
Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last.
The Guardian has confirmed that the cyber incident it experienced in December was a criminal ransomware attack and that the attackers are believed to have accessed staff data.
After gaining access to a powerful administrative account, the researchers could perform all sorts of tasks inside Reviver, the sole company that sells the digital plates in California.
The provincial Crown corporation says in a brief statement on Wednesday that its website and mobile app remain unavailable. The LCBO says its shops are open to customers as they were unaffected.
As security leaders look forward to what the new year brings, they're taking stock of everything — their teams, their technologies, their budgets — and trying to plan for what looks to be another challenging year.
At this time it is not possible to determine the authenticity of the claims; however, the alleged presence of insiders represents a serious threat to the company that is hard to eradicate.
IcedID, also known by the name BokBot, started its life as a banking trojan in 2017 before evolving into a dropper for other malware, joining the likes of Emotet, TrickBot, Qakbot, Bumblebee, and Raspberry Robin.
The recently spotted Dark Pink campaign has been targeting a vast range of organizations across Asia Pacific and Europe since H2 2022 to steal corporate data, Group-IB reported. Dark Pink APT presumably visits job boards to tailor its messages and pose as a job applicant applying for an internship in PR and communications.
According to WithSecure researchers, GPT-3 proved to be helpful at crafting a convincing email thread to use in a phishing campaign and social media posts, complete with hashtags, to harass a made-up CEO of a robotics company.
Chinese cyber activity is viewed in the West through the lens of state-sponsored APT groups. But the truth is the country also has a growing cybercrime economy. However, new laws and regulations are making life tougher for Chinese cybercriminals.
Scattered Spider, a financially-motivated threat actor, was spotted trying to deploy Intel Ethernet diagnostics drivers in BYOVD attacks to evade detection from EDR software. The injected malware routine ensures that the security software drivers appear to be functioning normally, but in reality, they no longer protect the computer.
A cybercrime group tracked as Scattered Spider has been observed exploiting an old vulnerability in an Intel Ethernet diagnostics driver for Windows in recent attacks on telecom and BPO firms.
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed case documents in which Meta was fined $414 million.
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar.
Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475) in attacks against government organizations and government-related targets.
The first round of security advisories published by Juniper Networks for 2023 cover hundreds of vulnerabilities that have been patched in the networking giant’s products.
Personal employee or customer data accounted for nearly 45% of all data stolen between July 2021 and June 2022, while companies’ source code and proprietary information accounted for a further 6.7% and 5.6% respectively, according to Imperva.
According to NBC News, the leak included some 120,000 files, with specific allegations of child abuse, names and birthdates of victims, and in some cases, descriptions of the adults involved and the alleged abuse.
In a new post, MetaMask's developers warn of a new scam called 'Address Poisoning' that relies on poisoning the wallet's transaction history with scammer addresses that closely resemble addresses the user has recently transacted with.
Positions in outer space cybersecurity, AI mentoring, and digital footprint consulting may sound unusual at first glance, but the rapid development of technology could make them a reality in just a few years.
New York Governor Kathy Hochul is adding an additional $35 million in funding to the state’s $61.9 million cybersecurity budget for this year, while also creating a new team focusing on protecting critical infrastructure.
The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the command and control (C2) server.
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity.
Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, such as, for example, to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in a subtly different way, which allows one API to see one set of entitlements and another API to see a different set of entitlements.
Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5801-1 - It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04. It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands.
Ubuntu Security Notice 5802-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0164-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2023-0017-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.
Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the new year by securing your business with Uptycs. Starting now, for just $1, you can get
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in
European law enforcement agencies have dealt a blow to scammers running call centres across the continent that stole millions of Euros from cryptocurrency investors. Crime-fighting authorities teamed up to tackle organised criminal groups who tricked unwary members of the public into investing in fake cryptocurrency schemes. Read more in my article on the Hot for Security blog.