Information security is nothing if not stressful: the constant lookout for potential incidents and chronically long hours are compounded by the never-ending battle with other departments that see cybersecurity as an unnecessary nuisance. At best, they try not to think about it, but in especially severe cases, they go show more ...
UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.
Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.
Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.
Cybercriminals are co-opting the identities of legitimate US financial advisers to use them as fodder for relationship scams (aka "pig butchering"), which end with the theft of investments.
Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this year.
The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.
As CERT-UA found during the investigation, the threat actors gained remote access to Ukrinform's network around December 7, 2022, and waited more than a month to unleash the malware cocktail.
Following the shutdown of the Hive ransomware operation by law enforcement, the US government has reminded the public that a reward of up to $10 million is offered for information on cybercriminals.
Following the posting of an alleged database of customer information on a hacker forum, Target is denying that the data being sold on the dark web is current and says that the information was not taken directly from its systems.
The CISA's Joint Cyber Defense Collaborative (JCDC) will be focusing this year on beefing up security in the energy sector and leading the effort to update the National Cyber Incident Response Plan, according to the body’s planning agenda.
ProvenDB has been at the forefront of developing secure storage, leveraging blockchain technology that adds a layer of security to prevent data tampering or alteration of documents.
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.
The DEV-0569 threat actor was found abusing Google Ads in ongoing advertising campaigns to deploy malware, exfiltrate victims’ passwords, and breach networks for ransomware attacks. Some of the top programs impersonated by adversaries are Rufus, 7-Zip, FileZilla, LightShot, AnyDesk, LibreOffice, VLC, Awesome Miner, WinRAR, and TradingView.
A Gurucul report found that organizations have never felt more vulnerable with three-quarters of respondents saying they feel moderately to extremely vulnerable to insider threats – an increase of 8% over the previous year.
ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
The most notable features of Godfather malware are bypassing 2FA by capturing SMS texts or notifications and executing itself as an Android service by abusing Accessibility Services to keep persistent and privileged access on infected devices.
The applications promote themselves as health, pedometer, and good habit-building apps, promising to give users random rewards for staying active in their daily lives, reaching distance goals, etc.
A series of attacks was discovered infecting organizations in East Asia with SparkRAT, originally an open source tool. TTPs of the attacks point toward the involvement of a Chinese-speaking threat actor dubbed DragonSpark. The Microsoft Security Threat Intelligence team reported about threat actors using SparkRAT for the first time in late December 2022.
Dragonbridge ran disinformation campaigns across Google-owned platforms YouTube, Blogger and AdSense. Meta and Twitter have also removed fake content from China that looks and sounds very similar to Dragonbridge's efforts.
Sebastien Raoult, a French national who is suspected of being a member of ShinyHunters cybercrime gang known as “Seyzo Kaizen,” has been extradited from Morocco to the United States.
Researchers at Trend Micro discovered a new ransomware strain, dubbed Mimic, that utilizes the 'Everything' file search tool on Windows to discover files to be targeted for encryption. English and Russian-speaking users are the prime targets. The ransomware supports command-line arguments to narrow down encryption targets. It also makes use of multi-threaded execution to speed up the data encryption process.
Organizations in some geographies are more likely to fall victim. Group-IB reports that from July 2021 through June 2022, 43% of known ransomware attacks hit U.S. organizations. Next in line were Germany, the U.K., Canada, Italy, and France.
As part of the investment, ABN AMRO will integrate Hadrian technology into its platform. The company stated it has formed tens of thousands of digital endpoints as it has grown its digital infrastructure over the years.
Despite not being the true LockBit Locker group, these micro criminals were still able to cause significant damage by encrypting a large number of internal files at SMBs in Belgium.
Security researcher Gtm Manoz from Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection.
Gootkit runs on an access-a-as-a-service model used by different groups to drop additional malicious payloads on compromised systems. It has been known to use fileless techniques to deliver threats such as SunCrypt, REvil, Kronos, and Cobalt Strike.
Under the terms of the proposal, TikTok would divulge core segments of its technology to Oracle and a set of third-party auditors who would verify that it is not promoting content in line with Beijing’s wishes or sharing U.S. user data with China.
Some of the major web browsers targeted by Titan Stealer include Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others.
The company says the breach stems from a system containing customer data "relating to some online orders placed between November 2018 and October 2020" and that customers are at risk from scammers.
Debian Linux Security Advisory 5334-1 - Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to a HTTP/2 request forgery vulnerability.
This paper goes over common components of broadcast systems, how hackers take advantage of them, and discusses some of the vulnerabilities discovered.
Ubuntu Security Notice 5811-3 - USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files.
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.
Zstore version 6.6.0 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the show more ...
PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.
PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP show more ...
Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.
The launch of a new article collection and webinar by the journal AILSCI recognises prominent female scientists in the field of AI.
New research from Drata shows compliance remains a business challenge for many organizations.
Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers
The Kremlin-backed Gamaredon hacking group is being blamed for an attempted phishing attack against the Latvian Ministry of Defence. Read more in my article on the Hot for Security blog.
GoTo says that hackers stole its customers' "encrypted backups." But they also say the hackers stole the decryption keys. To say the backups were encrypted is a bit like trying to argue that a locked box is locked, if the key to the locked box is stolen at the same time as the box.
If you've purchased trainers from sports fashion retailer JD Sports in the past, your personal details could now be in the hands of hackers. Read more in my article on the Hot for Security blog.
