In the summer of 2022, cybersecurity expert David Schutz was returning home after a long day on the road. His Google Pixel 6 smartphone was running out of juice: by the time David finally got home, it was down to 1%. And as luck would have it, the phone turned off in the middle of messaging. Schutz found his charger show more ...
KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling show more ...
Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.
For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.
A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds.
New tech often requires new thinking — but that's harder to install.
Security pros need to look beyond user education to find and disarm fraudulent actors.
Three ways to stay safe in an economically uncertain 2023.
Security teams should use a blocklist containing tens of thousands of proxy IP addresses used by the pro-Russian hacktivist group to defend their organizations from DDoS attacks.
The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.
A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.
Emerging risks and trends need to be monitored, but cybersecurity challenges can be fixed with a focus on the fundamentals.
New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.
A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher.
WithSecure researchers spotted a new campaign, dubbed No Pineapple, by North Korean Lazarus hackers targeting energy and medical research sectors with the Acres RAT. Lazarus gains access to a flawed Zimbra mail server by abusing RCE flaws tracked as CVE-2022-27925 and CVE-2022-37042.
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
"This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its release notes on February 2, 2023.
Zscaler’s ThreatLabz disclosed details about a new infostealer AveMaria RAT that targets sensitive data with added capabilities of remote camera control and privilege escalation. Over the past six months, the operators behind the info-stealer have been making significant additions to the execution stages to infect show more ...
The company said it has notified law enforcement authorities while it investigates and assesses the impact of the incident by engaging “appropriate incident response professionals.”
The takedown did not result in criminal arrests of any individuals involved or affiliated with Hive, and the predominant assumption is that the Hive members will regroup or splinter to join other ransomware groups.
Trend Micro experts took the wraps off of an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. It involves embedding a trojan they named TgToxic for harvesting user data from multiple fake finance and banking apps, including cryptocurrency wallets. The samples of the malware have been identified in Taiwan, with its phishing lures detected in Thailand and Indonesia as well.
Over the course of 2022, the NSIS scripts used to deliver GuLoader are said to have grown in sophistication, packing in additional obfuscation and encryption layers to conceal the shellcode.
An encrypted messaging service that has been on law enforcement's radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week.
There did not appear to be any broader fallout from the hacking incident. Nate Fick uses the account sparingly and instead promotes his work through an official State Department account.
Sunlogin security holes are being used by a new hacking effort to launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks and distribute the Sliver post-exploitation toolkit. The exploitation of the flaw leads to the installation of Gh0st RAT. However, in some cases, hackers installed XMRig CoinMiner instead of Gh0st RAT.
CERT-FR was the first to notice and send an alert about the attack. Italy’s National Cybersecurity Agency (ACN) and Cyber Security Agency of Singapore have also issued warnings for organizations to take immediate action to protect their systems.
Biden’s announcement also included new leadership for NSTAC. Scott Charney, VP for Security Policy at Microsoft, will chair the committee, while Jeffrey Storey, former President and CEO at Lumen Technologies will serve as vice-chair.
The British manufacturer confirmed that the incident “involved unauthorized access to our systems,” although it did not provide further details on what the access was or what kind of cyber actor may have been responsible.
The Berkeley County Schools suffered a network outage which affected IT operations across the school system, WV Metro News reported. Personal data on the students may have been harvested in the cyberattack.
The zero-day vulnerability allows attackers to perform remote code execution attacks on vulnerable GoAnywhere MFT instances whose administrative console is exposed online.
Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during an attack on the computers that run its website, sharp.com.
The LockBit ransomware operation has claimed the cyberattack on UK's leading mail delivery service Royal Mail that forced the company to halt its international shipping services due to "severe service disruption."
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.
Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
Ubuntu Security Notice 5843-1 - It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Red Hat Security Advisory 2023-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.26.
WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2023-0566-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.26. Issues addressed include denial of service and out of bounds read vulnerabilities.
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted show more ...
Red Hat Security Advisory 2023-0608-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Red Hat Security Advisory 2023-0603-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Red Hat Security Advisory 2023-0606-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only show more ...
Red Hat Security Advisory 2023-0602-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only show more ...
101news By Mayuri K version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only show more ...
Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only show more ...
Red Hat Security Advisory 2023-0607-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Material Dashboard version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Red Hat Security Advisory 2023-0594-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only show more ...
This python script is a fuzzer for the NDC protocol. The NDC protocol enables international and local payment transactions in cash as well as with bank cards. NDC permit Terminals "ATMS" to send unsolicited requests to the Server "NDC Server". This script sends fuzzed requests to the server in order to discover memory related security flaws.
Red Hat Security Advisory 2023-0601-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. "Not
With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy. Ransomware attacks were up 80% last year, prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem the record number of claims. Among these are a mandate to enforce multi-factor authentication (MFA)
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.
VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware
A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. Eurojust, in a press statement, said the February 3 exercise resulted in the arrests of 45 individuals across Belgium and the Netherlands, some of whom include users as well as the administrators and owners of the
