Episode 285 of the Transatlantic Cable kicks off with yet more news around AI and the ever-interesting topic of ChatGPT. However, this time, the discussion starts with regulation and the CTO of Open AI believes that its inevitable. Moving to a more quirky story still involving AI, the team discuss a small team using show more ...
The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.
Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored.
A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.
Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.
Reddit code, internal documents, dashboards, and business systems were compromised in the cyberattack.
The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.
Bridging the divide between developers and security can create a culture change organically.
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.
Although it is still early in the investigation and the company has not released any information about the method used to breach its systems, the hackers may have used data collected by information-stealing malware to gain access to Indigo’s network.
A highlighted security feature in Android 14 is to block the installation of malicious apps that target older API levels (Android versions), which allows easier abuse of sensitive permissions.
The smartphones analyzed by the researchers were observed sending data to the device vendor and the Chinese mobile network operators (e.g., China Mobile and China Unicom), even though they do not provide any service to the device.
A single malware author published several packages with entirely different names but with similar codes designed to launch attacks. Authors can execute attacks with a single python script, such as stealing sensitive data using webhooks on Discord.
The security firm reports seeing Portuguese used as a language in the JavaScript code comments and variables, while the root page of the blogger domain mimics a Brazilian dessert business.
Reddit says they learned of the breach after the employee self-reported the incident to the company. Investigating the incident Reddit says the stolen data includes limited contact information for company contacts and current and former employees.
If a user enters any of the bogus domain names in a browser, it will be redirected to a real URL shortening service: Bitly, Cuttly, or ShortUrl.at, which makes it look like they are just alternative domains for the well-known services.
The threat actor targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.
The goal to offer newer methods around the vulnerability management process came after Bettini ran the Tenable research team, where he led developers to write detection code for all Tenable products but faced prioritization challenges.
The top countries affected by tech support scams are the United States, Brazil, Japan, Canada, and France. These scams typically start with a pop-up window claiming a malware infection and urging the person to call a helpline for resolution.
The latest sanctions mean the seven individuals had their assets frozen, travel bans imposed, and are barred from transacting with U.S. organizations. That also bars Americans from paying any ransom to the sanctioned entities.
Single vendor shops have also emerged as an alternative to large marketplaces, allowing vendors to save on the fees that would otherwise go to the admins of markets like Hydra.
The attackers were able to access and disable some of the school’s systems, and officials disconnected part of the network that were affected before hiring cybersecurity specialists to help with the response.
The technical write-up by ReversingLabs threat researchers Lucija Valentic and Karlo Zanki says the malicious package consisted of two files, one obfuscated via the JavaScript obfuscator.
For many, CVSS from FIRST has been the driving force in that process. One of the major objectives behind the calculation of the actual CVSS number is to ensure standardization so all CVEs are scored consistently and can be accurately compared.
Apple said in its response that it was "particularly concerned by some of the remedy options that the CMA is now considering in relation to cloud gaming, which appear to fall outside the underlying basis for the market investigation."
The lack of vendor patches may be compounding cyber risk for industrial asset owners in critical sectors like transportation and utilities. Even when they’re available, security updates in these environments aren’t always easy to apply.
Attack chains mounted by the hacking crew entail the exploitation of known security flaws in Apache Log4j, SonicWall, and TerraMaster NAS appliances to gain initial access, followed by reconnaissance, lateral movement, and ransomware deployment.
Ubuntu Security Notice 5865-1 - It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, show more ...
Ubuntu Security Notice 5862-1 - It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, show more ...
Ubuntu Security Notice 5861-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP show more ...
Ubuntu Security Notice 5860-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the show more ...
Ubuntu Security Notice 5863-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP show more ...
Ubuntu Security Notice 5848-1 - David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service.
Ubuntu Security Notice 5858-1 - Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Netronome Ethernet driver in show more ...
Ubuntu Security Notice 5859-1 - Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Netronome Ethernet driver in show more ...
Ubuntu Security Notice 5857-1 - Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5856-1 - Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Hu Jiahui discovered that multiple race conditions existed show more ...
Ubuntu Security Notice 5855-1 - It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.
Red Hat Security Advisory 2023-0713-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. Data Grid 8.4.1 replaces Data Grid 8.4.0 and includes bug fixes and enhancements. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2023-0573-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.55. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.
Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.
ChiKoi version 1.0 suffers from a directory traversal vulnerability.
ChiKoi version 1.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5853-1 - It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly show more ...
Ubuntu Security Notice 5854-1 - It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, show more ...
Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.
Ubuntu Security Notice 5850-1 - It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not show more ...
Ubuntu Security Notice 5851-1 - It was discovered that a memory leak existed in the Unix domain socket implementation of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service.
Ubuntu Security Notice 5852-1 - It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain arbitrary file contents containing sensitive information from the server.
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees. The attack
In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation. The individuals designated under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka
State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to encrypted files, are designed to support North Korea's
Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. #1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively downloaded about 450 times before they were taken down. While
A Dallas state agency has admitted to paying $170,000 to hackers after it suffered an attack from the Royal ransomware group. Read more in my article on the Hot for Security blog.
Want to sell some cocaine, ecstasy (MDMA), crystal meth, or magic mushrooms? Twitter could be the place for you. And the site isn't going to do anything to shut down your account.
