Scores of Redis Servers Infested by Sophisticated Custom-Built Malware
At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021.
The greatly expanding attack surface created by the cloud needs to be protected.
The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader.
Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.
Engineers can use the Cyber Resiliency Engineering Framework Navigator to visualize their cyber resiliency capabilities.
Federal regulators hit multistate hospital system Banner Health with a $1.25 million HIPAA fine in the wake of a 2016 hacking breach that affected nearly 3 million individuals.
The acquisition will strengthen both Radiant Logic and Brainwave GRC’s respective market positions as identity, analytics, and intelligence experts by offering a new data-centric governance capability and identity data intelligence platform.
It was discovered on January 30, 2023, by monitoring an open-source ecosystem. The package was published on January 26, 2023, the same day as its author, ‘Trexon’, joined the repository.
Experts at Check Point Research laid bare the secrets of a shellcode-based packer, dubbed TrickGate, that assists threat actors in deploying a range of malware such as TrickBot, Emotet, FormBook, Cerber, AZORult, Agent Tesla, Maze, and REvil. The packer stayed under the radar for six years because it undergoes periodic changes.
A former employee of Ubiquiti pleaded guilty on Thursday in a Manhattan federal courtroom on charges related to perpetrating an audacious insider attack on his employer, in which he accessed a trove of confidential data before demanding a ransom.
TgToxic has been targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps.
XSS Hunter is a popular open source tool for identifying cross-site scripting (XSS) bugs in websites. An online version was previously maintained by its creator Mandatory (Matthew Bryant).
Operators of the LockBit ransomware rolled out a new version of their malware, dubbed LockBit Green. It is a modified version of the ESXi ransomware variant, built to launch attacks against cloud-based services. Moreover, researchers highlighted that the new LockBit variant overlaps significantly with the Conti (v3) ransomware, whose source code was leaked last year.
The loaders, dubbed MalVirt, are implemented in .NET and use virtualization through the legitimate KoiVM virtualizing protector for .NET applications, according to threat researchers with SentinelOne's SentinelLabs.
Automobile retailer Arnold Clark, in an update to customers, now reports that ransomware-wielding attackers who hit it over the holidays didn't just lock its systems; they also stole data.
A new Prilex PoS malware variant has been observed blocking NFC-enabled contactless credit card transactions and forcing users to insert credit cards for transactions. In fact, an attacker can configure the malware to capture card data only if it is a Black/Infinite or Corporate card. Retailers are suggested to use ...
The malware was first detected back in 2019 within a compromised Drupal environment. However, over the last few months, it appears to have surged in popularity among attackers. It tends to be uploaded into WordPress environments as a fake plugin.
Aqua Security researchers found a new malware, dubbed HeadCrab, that has infected over a thousand Redis servers since September 2021. Researchers found approximately 1,200 actively infected servers that it has been abusing to mine Monero cryptocurrency. HeadCrab uses state-of-the-art infrastructure that is largely undetectable by agentless and traditional anti-virus solutions.
The Information Commissioner’s Office (ICO) said that as long as CSPs – including mobile carriers and ISPs – report any incidents to it within 72 hours they will not be liable for a monetary fixed penalty of £1000 (~$1,213).
A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 individuals, according to filings with Maine’s Attorney General.
Despite its enormous potential, information security experts have raised concerns over the possible use of ChatGPT by threat actors to launch attacks, including malware development and convincing social engineering scams.
According to security researchers at Avanan, threat actors have been exploiting ClickFunnels' ability to create pages with malicious links and ultimately conduct credential-harvesting attacks.
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group, in particular, has demonstrated just how quick, easy, and lucrative it really is.
HPE noted a use-after-free vulnerability in its OneView infrastructure management platform that allows remote attackers to execute arbitrary code on targeted systems, leak data, or create conditions ripe for a DoS attack.
Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open-source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure.
A new ransomware family called Nevada Ransomware has emerged on underground forums. The actors behind this variant, as experts with Resecurity confirmed, have an affiliate platform first introduced in the RAMP underground community. The group recently distributed an updated locker, written in Rust, supporting encryption of Windows and Linux/ESXi systems.
Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet.
Online gaming and gambling firms are once again under attack by a never-before-seen backdoor known as IceBreaker. According to security analysts at SecurityJoes, the malware's compromise method relies on tricking customer service agents into opening malicious screenshots that the threat actor sent to appear as ...
The technique is an alternative to sneaking VBA macros that fetch malware from an external source into documents. Since Microsoft announced it would block the execution of VBA and XL4 macros in Office by default, attackers are finding alternatives.
Last year was the worst on record for cryptocurrency heists, with hackers stealing as much as $3.8 billion, led by attackers linked to North Korea who netted more than ever before, a U.S.-based blockchain analytics firm said in a report on Wednesday.
This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.
Dirty Cow arbitrary file write local privilege escalation exploit for macOS.
This Metasploit module creates a local user with a username/password and root-level privileges. Note that a root-level account is not required to do this, which makes it a privilege escalation issue. Note that this is pretty noisy, since it creates a user account and creates log files and such. Additionally, most (if not all) vulnerabilities in F5 grant root access anyway.
Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user ...
Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.
F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP: 13.1.5, 14.1.4.6 - 14.1.5, 15.1.5.1 - 15.1.8, 16.1.2.2 - 16.1.3, and 17.0.0. "A format string vulnerability exists in iControl SOAP
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An
The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif
Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity
Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge
In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook.