This past year we saw a flurry of news reports about leaks of personal data from various online services and even from popular password managers. If you use a digital vault, when you read about such a data leak you'll probably start imagining a nightmare scenario: attackers have accessed all your accounts whose passwords are stored in your password manager. How justified are these fears? Using the example of Kaspersky Password Manager, we'll tell you how the multiple layers of defense in password managers work, and what you can do to make them stronger.

General principles

To start, let's review why password managers are a good idea. The number of internet services we use is constantly growing, which means we're entering a lot of usernames and passwords. They're hard to remember, but writing them down in random places is risky. The obvious solution is to save all your login credentials in one secure place and lock that vault with a single key. Then you only need to remember one main password.

When you first activate Kaspersky Password Manager, it prompts you to create a main password that you'll use to open your digital vault. Then you can enter into this vault the data for each internet service you use: URL, username and password. You can do this manually, or you can set up the password manager's browser extension and use a special command to transfer all the passwords saved in the browser to the vault. Besides passwords, you can add other personal documents to the vault, e.g., ID scans, insurance data, bank card data and important photos. When you need to visit a website, you open the vault and either manually copy the data you need into the login form or allow the password manager to autofill the saved login credentials for that website. After that, all you need to do is lock the vault.

Digital vault and self-locking

Now let's look at the protection mechanisms. The vault file is encrypted with a symmetric-key algorithm based on the Advanced Encryption Standard (AES-256), which is used around the world to protect confidential data. To access the vault, you use a key derived from your main password. If the password is strong, attackers who obtain the file without the key would need an enormous amount of time to crack the cipher.
Our password manager also automatically locks the vault after the user has been inactive for a certain length of time. If an attacker gets hold of your device, bypasses the operating system's protection and reaches the vault file, they won't be able to read what's in it without the main password. But it's up to you to configure the self-locking. The app's default setting might not lock the vault until after a rather long period of inactivity, so if you're in the habit of using a laptop or smartphone in a location that may not be completely safe, you can configure the self-locking to kick in after a minute. There's another potential loophole, though: if an attacker has planted a Trojan or otherwise installed a remote-access tool on your computer, they may try to extract passwords from the vault while you're logged in to it. In 2015 such a tool was created for the KeePass password manager: on a computer with an unlocked instance of KeePass, it decrypted the entire password archive and saved it as a separate file. However, Kaspersky Password Manager is typically used alongside Kaspersky's antivirus solutions, which makes it much less likely that the password manager will run on an infected computer.

Zero knowledge

The encrypted file with passwords can be saved not only on your device but also in Kaspersky's cloud infrastructure, which allows you to use the vault from different devices, including home computers and mobile phones. A special option in the settings enables data syncing across all your devices that have Kaspersky Password Manager installed. You can also use the web version of the password manager from any device through the My Kaspersky website. How likely is a data leak if you're using cloud storage? First, it's important to understand that we operate on the zero-knowledge principle. This means that your password vault is just as encrypted for Kaspersky as it is for everyone else.
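To make the two statements above concrete (the vault is AES-256 encrypted under a key derived from the main password, and the stored file is opaque to anyone, the cloud operator included, who does not know that password), here is an added example in Go. It is not Kaspersky's code and the product's real file format is not public here; the choice of PBKDF2-HMAC-SHA256 as the key derivation, AES-256-GCM as the mode, the iteration count and the salt || nonce || ciphertext layout are all assumptions made for the illustration. The sample vault contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	keyLen     = 32     // 256-bit AES key
	iterations = 100000 // PBKDF2 work factor: a constructed value, not the product's
)

// deriveKey stretches the main password into a 256-bit key with PBKDF2-HMAC-SHA256
// (RFC 8018). Only block T1 is needed because keyLen equals the SHA-256 output size.
func deriveKey(mainPassword string, salt []byte) []byte {
	prf := hmac.New(sha256.New, []byte(mainPassword))
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian block index
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

func newGCM(mainPassword string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(mainPassword, salt))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVault encrypts the serialized vault. The output holds salt || nonce || ciphertext;
// neither the main password nor the derived key is written anywhere.
func SealVault(mainPassword string, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(mainPassword, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, saltLen+len(nonce)+len(plaintext)+gcm.Overhead())
	out = append(append(out, salt...), nonce...)
	// The salt is bound as additional data so it cannot be swapped unnoticed.
	return gcm.Seal(out, nonce, plaintext, salt), nil
}

// OpenVault reverses SealVault. A wrong main password yields a different key,
// the GCM authentication tag fails to verify, and no plaintext is released.
func OpenVault(mainPassword string, sealed []byte) ([]byte, error) {
	if len(sealed) < saltLen {
		return nil, errors.New("vault file too short")
	}
	salt := sealed[:saltLen]
	gcm, err := newGCM(mainPassword, salt)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < saltLen+ns+gcm.Overhead() {
		return nil, errors.New("vault file too short")
	}
	pt, err := gcm.Open(nil, sealed[saltLen:saltLen+ns], sealed[saltLen+ns:], salt)
	if err != nil {
		return nil, errors.New("wrong main password or corrupted vault")
	}
	return pt, nil
}

// ContainsSecret reports whether a secret appears verbatim in the sealed file,
// i.e. what a thief of the file (or the cloud operator) could read directly.
func ContainsSecret(sealed []byte, secret string) bool {
	return bytes.Contains(sealed, []byte(secret))
}

func main() {
	vault := []byte(`{"example.com":{"user":"alice","pass":"Tr0ub4dor&3"}}`) // constructed
	sealed, err := SealVault("correct horse battery staple", vault)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed: %d bytes; saved password visible in file: %v\n", len(sealed), ContainsSecret(sealed, "Tr0ub4dor&3"))
	if _, err := OpenVault("wrong password", sealed); err != nil {
		fmt.Println("attempt with wrong main password:", err)
	}
	pt, _ := OpenVault("correct horse battery staple", sealed)
	fmt.Println("opened with the right main password:", string(pt))
}
```

The point to take from the design is that the salt and nonce in the file are not secrets; everything that protects the contents is the main password, which is why its strength and uniqueness (discussed in the sections that follow) matter so much.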
Kaspersky's developers can't read the file; only someone who knows the main password can open it. Many, but not all, of today's services that store passwords and other secrets adhere to a similar principle. So if you see a news report about a data leak from a cloud storage service, don't panic immediately: it doesn't necessarily mean the attackers were able to decrypt the stolen data. This sort of breach is like stealing an armored safe from a bank without having the combination to the lock. In this case, the combination is your main password. Here's another important security principle: Kaspersky Password Manager doesn't save your main password on your devices or in the cloud. Even if a hacker gains access to your computer or the cloud storage service, they can't steal your main password from the product itself. Only you know this password.

A strong main password

However, a leak of an encrypted file with passwords can still create problems. Once attackers swipe a vault, they may try to crack it. There are two principal attack methods. The first is brute force. In general, this is very time-consuming: if your password is made up of a dozen random characters and includes lowercase and capital letters, numbers and special characters, trying all the combinations takes more than a sextillion operations, that's a 1 followed by 21 zeros! But if you decided to make your life easier and used a weak password, such as a single word or a simple combination of numbers like 123456, an automated cracker will find it in less than a second, because in that case the search is based not on individual characters but on a dictionary of popular combinations. Despite this, to this day many users pick dictionary passwords (combinations of characters that have long been in the dictionaries of hackers' cracking tools). Users of the password manager LastPass were warned about this potential problem in December 2022.
When the account of a LastPass developer was hacked, the attackers gained access to the cloud hosting the company uses. Among other data, the attackers got hold of backups of users' password vaults. The company told users that if they had followed all the recommendations for creating a strong and unique main password, they had nothing to worry about, because it would take millions of years to brute-force such a password. People who used weaker passwords were advised to change them immediately. Fortunately, many password managers, including Kaspersky Password Manager, now automatically check the strength of your main password. If it's weak or only of medium strength, the password manager gives you a warning, and you should heed it.

Unique main password

The second attack method counts on the fact that people often use the same login credentials for different internet services. If one of the services is breached, attackers automatically try the stolen username and password combinations on other services, an attack known as credential stuffing. This kind of attack is often successful. Users of Norton Password Manager were warned about this kind of attack in the first weeks of this year. NortonLifeLock (formerly known as Symantec) announced that there were no breaches of its infrastructure, but in early December 2022 it recorded mass attempts to log in to Norton Password Manager accounts using passwords that hackers had stolen in a breach of another service. NortonLifeLock's investigation found that the hackers were able to use this attack to access the accounts of some of its customers. The obvious lesson from this story is that you shouldn't use the same password for different accounts.
As for technical ways to protect yourself from these kinds of attacks, Kaspersky Password Manager performs two important checks on your password database. First, it checks for uniqueness: the app warns you if one of your saved passwords is used for multiple accounts. Second, our password manager checks whether your passwords appear in a database of breaches. To perform this check securely, it uses the SHA-256 cryptographic hash algorithm. This means the app doesn't send the passwords themselves to be checked; instead, it calculates a hash (checksum) of each password and compares these hashes with the hashes in the database of compromised passwords. If a hash matches, the app warns you that the password is compromised and you should change it. But remember that these checks are performed only on the passwords you save in the vault. It's up to you to make sure the main password is unique: you're the only one who knows it, and it should be different from all your other passwords.

Memorable main password

There are other ways main passwords leak, and this is where the dreaded human factor comes into play. For example, some people write their main password down in a place where it can be stolen, such as an unencrypted file on their desktop or a Post-It stuck to their office wall. Instead of writing it down, try to remember it. It's true that security rules say a password should be long and complicated; sometimes we're even prompted to generate a random combination of 12 to 16 characters, and a password like that is hard to remember. That's why many people resort to simpler passwords and then become targets of attacks. So how do you make your main password both strong and memorable? A good strategy is to come up with a password based on three or four secret words.
For example, you can take the name of the city where you had the best vacation of your life, tack on the name of the best bar you went to on that vacation, and then add the name and number of cocktails you drank. A password like that will be long and unique, as well as easy to remember, provided, of course, that you didn't have too many cocktails and still remember all those facts separately.
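The three checks the article describes (the brute-force cost of a password versus a dictionary hit in the "A strong main password" section, and the uniqueness and hash-based breach checks in the "Unique main password" section) can be shown working together in one audit pass. The Go program below is an added example, not Kaspersky's implementation: the 95-character alphabet, the 10^21 threshold taken from the article's "sextillion" figure, the tiny dictionary, the breach "database" of SHA-256 hashes and the vault entries are all constructed for the illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"unicode"
)

// Credential is one vault entry: the account it belongs to and the saved password.
type Credential struct {
	Site     string
	Password string
}

// Finding is one warning the audit raises for an entry.
type Finding struct {
	Site    string
	Problem string
}

// Keyspace returns how many candidates an exhaustive search must try for a password
// of this length drawn from the character classes it actually uses
// (26 lowercase + 26 uppercase + 10 digits + 33 printable specials = 95).
func Keyspace(password string) *big.Int {
	var lower, upper, digit, special bool
	for _, r := range password {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			special = true
		}
	}
	var alphabet int64
	if lower {
		alphabet += 26
	}
	if upper {
		alphabet += 26
	}
	if digit {
		alphabet += 10
	}
	if special {
		alphabet += 33
	}
	length := int64(len([]rune(password)))
	return new(big.Int).Exp(big.NewInt(alphabet), big.NewInt(length), nil)
}

// HashPassword returns the hex SHA-256 digest that is compared against the breach
// database, so the password itself never has to leave the vault.
func HashPassword(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// AuditVault runs the checks over every entry: dictionary or weak password,
// reuse across accounts, and presence (by hash) in the breach database.
func AuditVault(entries []Credential, dictionary, breached map[string]bool) []Finding {
	sextillion := new(big.Int).Exp(big.NewInt(10), big.NewInt(21), nil)
	uses := map[string]int{}
	for _, e := range entries {
		uses[e.Password]++
	}
	var findings []Finding
	for _, e := range entries {
		switch {
		case dictionary[strings.ToLower(e.Password)]:
			findings = append(findings, Finding{e.Site, "dictionary password: found in seconds"})
		case Keyspace(e.Password).Cmp(sextillion) < 0:
			findings = append(findings, Finding{e.Site, "weak: fewer than 10^21 candidates to search"})
		}
		if uses[e.Password] > 1 {
			findings = append(findings, Finding{e.Site, fmt.Sprintf("reused across %d accounts", uses[e.Password])})
		}
		if breached[HashPassword(e.Password)] {
			findings = append(findings, Finding{e.Site, "hash matches breach database: change it"})
		}
	}
	return findings
}

// SampleAudit audits constructed data: four vault entries, three dictionary words
// and a breach database holding the SHA-256 hashes of three leaked passwords.
func SampleAudit() []Finding {
	entries := []Credential{
		{"bank.example", "Xk9#mQ2$vL7!"},
		{"mail.example", "123456"},
		{"shop.example", "Tr0ub4dor&3"},
		{"forum.example", "Tr0ub4dor&3"},
	}
	dictionary := map[string]bool{"123456": true, "password": true, "qwerty": true}
	breached := map[string]bool{}
	for _, leaked := range []string{"123456", "letmein", "Tr0ub4dor&3"} {
		breached[HashPassword(leaked)] = true
	}
	return AuditVault(entries, dictionary, breached)
}

func main() {
	for _, f := range SampleAudit() {
		fmt.Printf("%-14s %s\n", f.Site, f.Problem)
	}
}
```

Running it flags the mail account twice (dictionary word, and its hash is in the breach list) and the shop and forum accounts twice each (the same password reused, and breached), while the 12-character random bank password, whose search space is 95^12, passes every check. Note that the hash comparison still only covers saved entries; the main password never enters the vault, so it is never audited this way.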
Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.
Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer cybercriminals a gaping hole through which to access corporate crown jewels.
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.
Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.
The vulnerability is tracked as CVE-2022-27596 and rated by the company as 'Critical' (CVSS v3 score: 9.8), impacting QTS 5.0.1 and QuTS hero h5.0.1 versions of the operating system.
About 49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council.
A spokesperson for Latvia’s Ministry of Defense confirmed that the latest attack was “most likely” linked to Russia's Gamaredon, although the investigation is still ongoing.
The threat actor known as Cobalt Sapling was spotted targeting Saudi Arabia by creating a new sub-group dubbed Abraham's Ax. Researchers also found a connection between Moses Staff and Abraham's Ax. Both rely on the same custom cryptographic wiper malware for encrypting the victim’s data. To stay protected, experts recommend organizations audit the access controls by leveraging the available IOCs.
Organizations are optimistic about the security of open-source software development, with an average of 77% believing the security of open-source development will improve by the end of 2023, according to a 2022 Linux Foundation report.
More than two years later, Hackney Council is still dealing with the colossal aftermath of a ransomware attack. While its services are now back up and running, parts of the council are still not operating as they were prior to the attack.
A specialist music academy in Guildford, southwest of London, has confirmed that a cyberattack is responsible for knocking out its phone lines and impacting the school’s IT systems.
The NCSC-U.K warned against ongoing spear-phishing campaigns against government entities, NGOs, think tanks, academia, and others, by Russia-based SEABORGIUM and Iran-based TA453 threat actors. SEABORGIUM and TA453 spend time researching their targets' interests and contacts to create a convincing approach. The NCSC-U.K recommends reporting activity consistent with the techniques described.
The COVID-19 pandemic incentivized the use of virtual platforms for students to attend school remotely, which broadened the attack surface and presented a goldmine of sensitive information belonging to educators and students.
In the wake of a significant rise in ransomware attacks, especially by the LockBit group, a cybercriminal group was spotted targeting SMBs in Belgium and extorting them by impersonating LockBit. The incident highlights the threat of outdated software and systems, as extortion practices become increasingly popular even among less sophisticated criminals.
A malicious live software service named TrickGate has been used by numerous threat actors to bypass endpoint detection and response (EDR) protection software for over six years.
The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin. Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI shut it down.
GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
Seven Ohio justices unanimously ruled in the favor of Owners Insurance Company in a case filed against the insurer by EMOI, a medical billing software vendor in the healthcare space.
A new strain of the PlugX malware was found that can hide malicious files on removable USB drives and infect the Windows hosts they are connected to. The technique is stealthy and can reach air-gapped systems. Organizations are advised to maintain in-depth, multi-layered security defenses to protect all endpoints.
"The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker News.
A lot has happened on the cyber front in Ukraine and Russia since the war began. Joining the bandwagon on behalf of the Russian Sandworm APT is a pack of five wiper malware families, including the new Golang-based SwiftSlicer. The new wiper was recently added to the VirusTotal database (submitted on January 26). Organizations are advised to stay vigilant and implement an in-depth security strategy to keep their digital infrastructure protected.
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS Tunneling Protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop.
Security experts were hired to investigate the incident and it was revealed that names, addresses, dates of birth, and Social Security numbers were leaked during the attack.
A group, named Electronic Quds Force, is threatening companies’ engineers and workers and is inviting them to resign from their positions. The attacks are retaliation against the Israeli government and its policy against Palestinians.
Russian telecommunications regulator Roskomnadzor blocked access to the U.S. State Department’s Rewards for Justice website on Friday, alongside the sites for the Central Intelligence Agency and the Federal Bureau of Investigation.
Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves.
Guardz today emerged from stealth mode with $10 million raised in a seed funding round led by Hanaco Ventures, with additional investment from iAngels, Cyverse Capital, and GKFF Ventures.
The UNC2565 hacker group appears to have restructured its GOOTLOADER (or Gootkit) malware by adding new components and implementing new obfuscation techniques. Gootkit is used by adversaries to drop additional malicious payloads, such as SunCrypt, REvil (Sodinokibi) ransomware, Kronos trojan, and Cobalt Strike, on compromised systems.
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text.
The latest funding brings the total raised by the California company to $375 million and provides a growth-mode runway for Saviynt to establish a foothold in a very competitive marketplace.
U.S. government and industry authorities are warning the healthcare sector of a surge in distributed denial-of-service attacks in recent days against hospitals and other medical entities instigated by Russian nuisance hacking group KillNet.
Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2023-0553-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
Red Hat Security Advisory 2023-0554-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross-site scripting, Ruby code injection, and classic and blind SQL injection resulting in remote code execution, which allow an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage these vulnerabilities to execute arbitrary commands.
Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Ubuntu Security Notice 5835-3 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
Ubuntu Security Notice 5835-2 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
Ubuntu Security Notice 5835-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
Ubuntu Security Notice 5833-1 - Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-0450-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2023-0540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Red Hat Security Advisory 2023-0449-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.1.
Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
Red Hat Security Advisory 2023-0544-01 - This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. This release of Camel for Spring Boot includes CXF artifacts that were missing from the previous 3.14.5 release. Issues addressed include a server-side request forgery vulnerability.
Ubuntu Security Notice 5832-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0530-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0536-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-0526-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2023-0499-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
To meet a pressing demand for industrial and OT security, zero-trust, device-level cybersecurity provider expands with strategic hires in new and established markets.
Mentoring, scholarships, and professional development opportunities will be offered to those underrepresented in the industry through the collaboration.
Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject
GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6,
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when
The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker
A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically
Planet Ice, which operates 14 ice rinks up and down the UK, has revealed that criminal hackers managed to break into its systems and steal the personal details of over 240,000 customers. Read more in my article on the Hot for Security blog.