Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services
Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them.
The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.
Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal."
Following these basic cybersecurity hygiene policies can help make data more secure and protect colleges and universities from becoming the next ransomware headline. The steps aren't complicated, and they won't break the bank.
A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks.
Companies are being urged to update OAuth, runner, and project API tokens, along with any other secrets stored with CircleCI.
In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.
Successful exploitation enables unauthenticated threat actors to execute arbitrary code on Zoho ManageEngine servers if the SAML-based single-sign-on (SSO) is or was enabled at least once before the attack.
A series of vulnerabilities affecting industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to internal operational technology (OT) networks from the internet.
Researchers found that one of its features for code development and collaboration – sharing forwarded ports publicly – can be abused by malicious actors to create a malware file server using a legitimate GitHub account.
Group-IB spotted 2,348 instances of IAB sales activity between H2 2021 and H1 2022, with the number of countries in which victim organizations are located also increasing, by 41% to a total of 96 during the period.
A ransomware attack on Norwegian classification society DNV, maker of ShipManager software, shut down servers hosting software used to manage the crewing and maintenance schedules of about 1,000 vessels across the globe.
NoName057(16), a pro-Russian cybercrime gang, was found launching DDoS attacks against telecom, government, media, military, transportation, and financial organizations in Ukraine and NATO countries. Hackers utilize Telegram to claim responsibility for their attacks, mock the targets, make threats, and justify their actions as a group.
Building a plan is not enough; it should be practiced through drills and rehearsals both inside departments and at the overall organizational level. This allows companies to recognize any gaps in the plan and remedy them effectively.
The malicious packages, discovered by Fortinet, were all uploaded by the same author named 'Lolip0p' between January 7 and 12, 2023. Their names are 'colorslib,' 'httpslib,' and 'libhttps.' All three have been reported and removed from the PyPI.
A threat actor identifying itself as Lolip0p was spotted dropping three rogue packages to the PyPI repository with an aim to carry out supply chain attacks. The packages, named colorslib (versions 4.6.11 and 4.6.12), libhttps (version 4.6.12), and httpslib (versions 4.6.9 and 4.6.11) are designed to drop malware. The executable downloaded during the infection process is capable of dropping additional binaries.
According to Hornetsecurity, 33% of companies are not providing any cybersecurity awareness training to users who work remotely. The study also revealed that nearly 74% of remote staff have access to critical data.
The plan set out by the Chinese government also calls for the development of more infosec products and improvements to the security of existing offerings. China wants AI and blockchain to be applied when suitable.
The Vice Society ransomware gang has claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to reconstruct its IT infrastructure, a process that's still ongoing.
Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea's notorious Lazarus Group. The accounts frozen by Binance and Huobi held 124 BTC, worth $2.6 million at the time of writing.
According to Check Point's Global Threat Index for December 2022 report, Qbot was the most prevalent malware last month impacting 7% of organizations worldwide, followed by Emotet with a global impact of 4% and XMRig with a global impact of 3%.
Contacted by an anonymous reader, Heimdal was made aware that numerous Danish smartphone owners have been flooded by cryptic messages from a user that goes by the moniker of “Dansk-game.”
A multimillion-pound high court case between an authoritarian Gulf emirate and an Iranian-American businessman has revealed how hacked evidence is being used by leading law firms to advance their clients’ claims.
In a phishing campaign described by the Russian cybersecurity channel In2security on Telegram and confirmed by researchers from Kaspersky Lab, attackers used a phishing website and Telegram bot to collect personal data from Russian users.
Two specialty medical care firms - a Texas-based home healthcare agency and a Pennsylvania-based women's and family health clinic - are reporting separate ransomware breaches that in total affect nearly 600,000 individuals.
Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers are joining forces to run a data breach complaint against Medibank, seeking compensation for tens of thousands of affected customers already registered with the law firms.
In this campaign, the threat actor uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web servers distribute NjRAT to victims.
Cybercriminals are using phishing websites that mimic popular software, and ranking them higher via Google Ads, to trick users into downloading Rhadamanthys Stealer. The stealer also spreads via spam emails carrying an attachment that drops the malicious payload. It targets several applications, including web browsers, crypto wallets, and messaging applications.
Attackers have been using a large and resilient infrastructure to distribute two prominent info-stealers—Raccoon and Vidar—possibly since early 2020, revealed security experts. Experts found that the intrusion sets are implementing defense evasion techniques to increase the chances of successfully compromising a target system, making detection an arduous task.
An NFT influencer with the Twitter handle @NFT_GOD claims to have lost thousands of dollars worth of non-fungible tokens (NFTs) and crypto in a Google Ads-delivered malware attack.
The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where Nissan disclosed that 17,998 customers were affected by the breach.
The security issues, which were discovered by Orca between October 8, 2022, and December 2, 2022, in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft.
Cloud security firm Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during a recent CircleCI security breach. However, the company added that it has yet to find evidence that this key was leaked or misused.
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can ...
Debian Linux Security Advisory 5320-1 - A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which did result in allowing unsafe SOCKS4 traffic to pass.
Red Hat Security Advisory 2023-0173-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include an integer overflow vulnerability.
Ubuntu Security Notice 5805-1 - It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model even if the repositories weren't encrypted. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service.
LISTSERV version 17 suffers from an insecure direct object reference vulnerability that allows illicit access to a target's profile.
LISTSERV version 17 suffers from a cross-site scripting vulnerability.
Ubuntu Security Notice 5804-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP ...
Red Hat Security Advisory 2023-0168-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5319-1 - Two vulnerabilities were discovered in the LLDP implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.
Ubuntu Security Notice 5795-2 - USN-5795-1 and USN-5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
BootCommerce version 3.2.1 suffers from a remote SQL injection vulnerability.
BootCommerce version 3.2.1 suffers from a cross-site scripting vulnerability.
Red Hat Security Advisory 2023-0167-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
An XNU race condition in vm_map_copy_overwrite_unaligned allows writing to read-only mappings.
XNU VM suffers from a copy-on-write bypass vulnerability due to incorrect shadow creation logic used during unaligned vm_map_copy operations.
Red Hat Security Advisory 2023-0170-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5318-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was susceptible to denial of service via recursive XML entity expansion.
Red Hat Security Advisory 2023-0166-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux version 2212 is affected.
Red Hat Security Advisory 2023-0169-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2023-0171-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0172-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.
Active Matrimonial CMS version 3.5 appears to leave a default administrative account in place post-installation.
Yazilimi Jettweb version 3 suffers from a cross-site scripting vulnerability.
Open source AI is lowering the barrier of entry for cybercriminals. Security teams must consider the right way to apply defensive AI to counter this threat.
Standalone product provides permission insights for Active Directory security and compliance.
VIPRE Endpoint Detection & Response (EDR) delivers streamlined, sophisticated, high-performing cloud-based EDR management in a single, easy-to-navigate console.
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages, named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12), were uploaded by the author between January 7, 2023, and January 12, 2023. They have since been
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port
It's no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benefit from advancements in automation to not only maintain the status quo, but to attain better security
Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept (PoC) exploit code. The issue in question is CVE-2022-47966, an unauthenticated remote code execution vulnerability affecting several products due to the use of an outdated third-party dependency, Apache Santuario. "This vulnerability allows an