Theres a huge variety of beers in the world today. But what if you want to keep track of which ones youve already tasted? You guessed it – theres an app for that; actually – quite a few. Among them, Untappd has become the de facto standard with craft beer fans. The app is essentially a specialized social network show more ...
Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.
OpenAI's chatbot has the promise to revolutionize how security practitioners work.
An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.
Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind the group.
Organizations are struggling to procure appropriate technical tools to address responsible AI, such as consistent bias detection in AI applications.
A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.
Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.
Iron Bow Technologies acquired GuardSight, a cybersecurity operations as a service (SECOPS), and managed detection and response (MDR) company that serves businesses and organizations across the U.S.
The CVE-2023-23560 flaw is a server-side request forgery in the Web Services feature of Lexmark printers, it received a CVSS score of 9.0. By compromising a vulnerable printer, threat actors can achieve an initial foothold in the target network.
The leaker posted a magnet link that they claim are 'Yandex git sources' consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company's source code besides anti-spam rules.
Businesses not registered with the Singapore SMS Sender ID Registry by January 31 will have their messages labelled as "Likely-SCAM", as the country rolls out more measures to combat online scams.
Two hacking breaches - one at a non-profit provider mental health and substance treatment services and the other at a provider of behavioral health services - affected sensitive information of nearly 400,000 individuals.
Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU) to have them always ready to deploy an emergency security update.
The months-long operation involved FBI agents accessing Hive’s network and providing victims with the decryption keys needed to regain control of their systems, blocking about $130m in demanded ransoms, senior justice department officials said.
Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.
Phishing attacks and malware campaigns targeting Ukraine increased sharply in November before falling at year's end, says security firm Trellix. So too did endpoint security alerts in the region tied to "potentially unwanted programs."
Unit 42 researchers discovered a PlugX malware variant that stood out as it infects any attached removable USB media devices such as floppy, thumb, or flash drives and any additional systems the USB is later plugged into.
As ERP attacks increase this year, more organizations must ensure their security strategy takes these applications into account to keep their sensitive data and files. It's crucial to understand what risks are threatening their ERP applications.
Moses Staff made its first appearance on the threat landscape in September 2021 with the goal of primarily targeting Israeli organizations. The geopolitical group is believed to be sponsored by the Iranian government.
On Tuesday, Bitwarden users began seeing a Google ad titled 'Bitward - Password Manager' in search results for "bitwarden password manager." The domain used in the ad was 'appbitwarden.com' and, when clicked, redirected users to a spoofed login page.
Move over Lockbit, there's a new ransomware-as-a-service (RaaS) player in town attacking the education sector—and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group.
The websites of German airports, public administration bodies, and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday.
Cyble researchers determined that, in order to target a variety of well-known applications, the attackers are actively changing and customizing their phishing websites. Aurora targets data from web browsers and crypto wallets, among others.
The latest wave has been active since December 26, 2022, and over 5,600 websites are impacted by it so far. It has switched from fake CAPTCHA push notification scams to black hat ad networks.
PY#RATION can transfer files from the infected host machine to its C2 servers or vice versa. It uses WebSockets to avoid detection and for C2 communication and exfiltration.
Recently discovered by cybersecurity experts at DomainTools, the 'pig butchering' operation uses a complex network of social engineering techniques to defraud victims in West Africa.
The basic claim of the paper, published last Christmas by 24 Chinese researchers, is that they have found an algorithm that enables 2,048-bit RSA keys to be broken even with the relatively low-power quantum computers available today.
Debian Linux Security Advisory 5328-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.
Red Hat Security Advisory 2023-0483-01 - This asynchronous update patches Red Hat Fuse 7.11.1 on Karaf and Red Hat Fuse 7.11.1 on Spring Boot and several includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password show more ...
Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the show more ...
Red Hat Security Advisory 2023-0476-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
Red Hat Security Advisory 2023-0481-01 - Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. This advisory contains bug fixes and enhancements to the Submariner container images.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
PHPJabbers Car Rental Script version 3.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2023-0208-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
Red Hat Security Advisory 2023-0210-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
Red Hat Security Advisory 2023-0479-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.
Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).
Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.
Chris Kirsch, CEO of runZero, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the importance of asset discovery.
Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The
Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn
Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.RUN’s top malware types in 2022 That's why you'll definitely come across this type in your practice, and the Orcus
The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists," the
