Data can leak from companies of every stripe. Some hold more of it, others less. Not every leaked database, it might seem, contains critical information. But can any leak ever be considered absolutely safe? Let's consider the example of food delivery services.

What data gets leaked?

Let's state straight away that delivery services are unlikely to leak bank card details — for the simple reason that they don't handle them. Some of them use a payment gateway that's controlled by the acquiring bank: the card number is entered on the bank's website and the merchant doesn't even see it, let alone store it. Even if the card is linked, this happens on the bank's side, and the merchant only receives a binding ID.

Nevertheless, leaks from food delivery services are generally more dangerous than from marketplaces. An order placed on a marketplace can be picked up at a collection point or post office, while a food order is always delivered to the customer at, say, their home or office. We're talking about very personal data here that can link a person to a phone number and physical address, as well as give some insight into their wealth and behavior patterns.

How such leaks threaten customers

Clearly, there are no positives to be had from such bundles of personal information being available in the public domain, and here are the possible negatives:
- Potential attackers have information about where the victim lives, how much they spend on food delivery, when they order it, and which days they tend to skip it; that's a perfect recipe for a burglary.
- Unexpected domestic problems may arise. For instance, last summer there was a story on social media about a girl who got hold of such a database and learned that her boyfriend regularly ordered pizza to the home address of a female friend of hers. It didn't end well, whichever way you slice it.
- Such leaks represent ready-made market-research databases for painting consumer portraits and sending targeted spam to known postal addresses.
- Such databases contain not only home addresses, but business ones too. This allows an attacker to use social engineering to penetrate a company's internal network through a delivery-service customer — for example, by calling and informing them that they've won and been sent a customer loyalty prize that turns out to be a flash drive with malware. Since the victim is a genuine customer of the delivery service, they'll have little reason to smell a rat — especially if it's a courier in uniform who delivers the flash drive.

How such leaks threaten business

For a business, such leaks are a force majeure that carries numerous risks:
- Reputational. Leaks cannot be hushed up because databases inevitably pop up on the dark web; so, as a rule, companies themselves try to report them first. But such openness doesn't help much — security incidents always shake both customers' and partners' trust.
- Regulatory. Regulators are always ready to fine businesses for violations of personal data protection laws. The size of the fine depends on the jurisdiction, and not only the region where the company is registered can play a role, but also the whereabouts of its customers. For example, any company offering goods or services to customers in almost any European country falls under the GDPR.
- Material. Customers are increasingly teaming up to file class-action lawsuits when their data is leaked, and courts are starting to side with them. Again, the sums involved are small, yet they're growing due to the increasing number of folks ready to sue.

What to do?

Unfortunately, customers not prepared to completely abandon delivery services have few options. Leaks should be seen as an inevitable risk that, like any other, must be assessed and its consequences mitigated. For example, order deliveries to pickup points — not your home address; and pay attention to checkboxes on the order form — you might be able to stop your home address and phone number from being stored.

Businesses have more options. These are well known but, sadly, still not always fully employed:
- Limit employee access to internal databases containing personal data.
- Carry out periodic audits of security systems.
- Do not store unnecessary personal data. This means allowing customers to choose what they are willing to entrust to your business, and what must be removed immediately upon completion of an order.
- Carefully monitor what is happening in your infrastructure using MDR-class services.
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got into targeted companies: by calling employees and tricking them into navigating to a phishing website.

In a filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy said it determined that the same “sophisticated threat actor group” was responsible for three separate intrusions, including:
- March 2020: A spear-phishing attack on a GoDaddy employee compromised the hosting login credentials of approximately 28,000 GoDaddy customers, as well as login credentials for a small number of employees;
- November 2021: A compromised GoDaddy password let attackers steal source code and information tied to 1.2 million customers, including website administrator passwords, sFTP credentials, and private SSL keys;
- December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated in its SEC filing.

What else do we know about the cause of these incidents? We don’t know much about the source of the November 2021 incident, other than GoDaddy’s statement that it involved a compromised password, and that it took about two months for the company to detect the intrusion. GoDaddy has not disclosed the source of the breach in December 2022 that led to malware on some customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. The hackers were able to change the Domain Name System (DNS) records for the transaction brokering site escrow.com so that it pointed to an address in Malaysia that was host to just a few other domains, including the then brand-new phishing domain servicenow-godaddy[.]com.

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account. In reality, the caller had just tricked a GoDaddy employee into giving away their credentials, and he could see from the employee’s account that Escrow.com required a specific security procedure to complete a domain transfer. The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer.

“This guy had access to the notes, and knew the number to call,” to make changes to the account, the CEO of Escrow.com told KrebsOnSecurity. “He was literally reading off the tickets to the notes of the admin panel inside GoDaddy.”

About halfway through this conversation — after being called out by the general manager as an imposter — the hacker admitted that he was not a GoDaddy employee, and that he was in fact part of a group that enjoyed repeated success with social engineering employees at targeted companies over the phone.

Absent from GoDaddy’s SEC statement is another spate of attacks in November 2020, in which unknown intruders redirected email and web traffic for multiple cryptocurrency services that used GoDaddy in some capacity. It is possible this incident was not mentioned because it was the work of yet another group of intruders. But in response to questions from KrebsOnSecurity at the time, GoDaddy said that incident also stemmed from a “limited” number of GoDaddy employees falling for a sophisticated social engineering scam.

“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks,” GoDaddy said in a written statement back in 2020.

Voice phishing or “vishing” attacks typically target employees who work remotely. The phishers will usually claim that they’re calling from the employer’s IT department, supposedly to help troubleshoot some issue. The goal is to convince the target to enter their credentials at a website set up by the attackers that mimics the organization’s corporate email or VPN portal.

Experts interviewed for an August 2020 story on a steep rise in successful voice phishing attacks said there are generally at least two people involved in each vishing scam: one who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page — including multi-factor authentication codes shared by the victim — and quickly uses them to log in to the company’s website.

The attackers are usually careful to do nothing with the phishing domain until they are ready to initiate a vishing call to a potential victim. And when the attack or call is complete, they disable the website tied to the domain. This is key because many domain registrars will only respond to external requests to take down a phishing website if the site is live at the time of the abuse complaint. This tactic also can stymie efforts by companies that focus on identifying newly-registered phishing domains before they can be used for fraud.

A U2F device made by Yubikey.

GoDaddy’s latest SEC filing indicates the company had nearly 7,000 employees as of December 2022. In addition, GoDaddy contracts with another 3,000 people who work full-time for the company via business process outsourcing companies based primarily in India, the Philippines and Colombia.

Many companies now require employees to supply a one-time password — such as one sent via SMS or produced by a mobile authenticator app — in addition to their username and password when logging in to company assets online. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

One multifactor option — physical security keys — appears to be immune to these advanced scams. The most commonly used security keys are inexpensive USB-based devices. A security key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.

The allure of U2F devices for multi-factor authentication is that even if an employee who has enrolled a security key for authentication tries to log in at an impostor site, the company’s systems simply refuse to request the security key if the user isn’t on their employer’s legitimate website, and the login attempt fails. Thus, the second factor cannot be phished, either over the phone or Internet.

In July 2018, Google disclosed that it had not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical security keys in place of one-time codes.
Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy.
The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.
BitSight uncovered an advanced botnet that has been able to compromise thousands of systems in the U.S., India, Indonesia, and Iran. Dubbed MyloBot, its infrastructure has connections to BHProxies, a residential proxy service. The highly sophisticated malware was first spotted in the wild in 2017 and is known for its anti-analysis techniques.
SEKOIA has shared IOCs, along with YARA and Suricata rules, to detect a potential information-stealer named Stealc. Researchers have already identified more than 40 C2 domains and several dozen malware samples, hinting that Stealc is already gaining popularity within the cybercrime community. To combat attacks from such info-stealers, organizations are advised to implement strong security controls with multi-layered visibility and security solutions.
Security researchers at Menlo Labs laid bare an attack campaign featuring the PureCrypter downloader to target government entities. The evasive threat campaign is disseminated via Discord by an unidentified threat actor. The attack campaign leverages the domain of a compromised non-profit organization as a C2 channel to deliver its secondary payload.
The suspects, all young men aged between 18 and 21, are charged with stealing sensitive data from victim networks and demanding a ransom. It is believed that they attacked thousands of companies.
A group of hacktivists that goes online with the moniker CH01 defaced at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion. The news was also shared by the collective Anonymous through its accounts.
The war in Ukraine has seen the emergence of new forms of cyberattacks, and hacktivists became savvier and more emboldened to deface sites, leak information, and execute DDoS attacks, according to Trellix.
An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information.
Hackers were found distributing the sophisticated DarkCloud Stealer info-stealer through various spam campaigns. The malware operates through a multi-stage process and is capable of collecting sensitive information from a victim’s computer or mobile device. The malware operators claim to target applications such as Chromium-based web browsers, FileZilla, CoreFTP, FlashFXP, NordVPN, Pidgin, Internet Explorer, and Microsoft Edge vaults.
According to researchers, the so-called "brotherhood" of Russian-speaking cybercriminals is yet another casualty of the war in Ukraine, albeit one that few outside of Moscow are mourning.
This incident occurred due to the misconfiguration of the folder settings, which led to the availability of the 2022-23 application files for admission to the program on the department’s website.
The threat landscape and organizations’ attack surfaces are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risks to all businesses.
Be careful around the use of OpenAI's ChatGPT chatbot now, as cybercriminals have started taking advantage of the hype around it. Security researcher Dominic Alvieri reported hackers attempting to infect visitors with the Redline info-stealing malware by posing as a download for a ChatGPT Windows desktop client. He also witnessed fake ChatGPT apps coercing users into installing bogus software.
PlugX, also known as Korplug, is a post-exploitation modular implant, which, among other things, is known for its multiple functionalities such as data exfiltration and its ability to use the compromised machine for nefarious purposes.
The seven-day event, led by the British Army, tested the response of participants to common and complex cyber scenarios, including attacks on networks and industrial control systems (ICS).
Among the game titles abused for adware distribution purposes are Elden Ring, ROBLOX, Dark Souls 3, Red Dead Redemption 2, Need for Speed, Call of Duty, Portal 2, Minecraft, Legend of Zelda, Pokemon, Mario Kart, Animal Crossing, and more.
The attackers compromised one of the company systems and had access to the emails and documents of some employees. Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes.
The widespread outage affects Dish.com, Dish Anywhere app as well as several websites and networks owned by the corporation. Customers also suggest the company's call center phone numbers are unreachable.
Gartner research shows that compliance-centric cybersecurity programs, low executive support, and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success.
Over the last few days, scammers have been sending out phishing emails that disguise bogus URLs with something called Slinks—shortened LinkedIn URLs. Now, they're being used in a scam based on Amazon's popular Prime membership.
Copenhagen’s health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back online after “a couple of hours.”
A recently patched bug in the open-source Chromium browser project could allow malicious actors to bypass a security feature that protects sensitive cookies on Android browsers.
In particular, the software giant said this week that sysadmins should now include the Temporary ASP.NET files, Inetsrv folders, and the PowerShell and w3wp processes on the list of files and folders to be run through antivirus systems.
TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish. In addition to serving as an initial access broker, these injects imply it may be running a pay-per-install service.
An unidentified group of ransomware hackers, dubbed Nevada Group, has targeted the computer networks of almost 5,000 victims across the U.S. and Europe. Hackers ask for two Bitcoins (which is around $50,000) and their ransom notes are publicly visible. The CISA has released a simple workaround to nullify the attack, allowing some of the victims to regain their data.
Bitdefender disclosed an active malware campaign targeting Facebook and YouTube users with S1deload Stealer, using adult themes as bait. The new information stealer compromises user credentials and exploits system resources to mine BEAM cryptocurrency. The malware has the ability to propagate its malicious links to a compromised user’s followers. Between July and December 2022, about 600 individuals fell victim to it.
ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account.
ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.
kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks up a pointer from inside that structure, then drops the lock before continuing to use the kbase_kcpu_command_queue that was looked up. This is a classic use-after-free pattern, where the lookup of a pointer is protected but the protective lock is then released without first acquiring any other lock or reference to keep the referenced object alive.
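To make the lock-then-use pattern concrete, here is an added userspace model (not code from the advisory or from the Mali driver): a context owns a table of queues behind a mutex, enqueue_unsafe() mirrors the flawed shape, and queue_lookup_get() shows the usual fix of taking a reference while the lookup lock is still held. All names (kctx, kcpu_queue, and so on) are hypothetical stand-ins.

```c
/* Added example, not code from the advisory or the Mali driver: a userspace
 * model of the lookup pattern described above. enqueue_unsafe() mirrors the
 * flawed shape (lookup under the lock, unlock, keep using the pointer);
 * queue_lookup_get() shows the fix. Names are hypothetical stand-ins. */
#include <pthread.h>
#include <stdlib.h>
#define MAX_QUEUES 8

struct kcpu_queue {
    int refcount;                     /* guarded by the owning kctx lock */
    int commands_enqueued;
};

struct kctx {
    pthread_mutex_t lock;
    struct kcpu_queue *queues[MAX_QUEUES];
};
static int frees_seen;                /* lets the checks observe real frees */

/* Create a queue in slot id; the table itself holds one reference. */
static struct kcpu_queue *queue_create(struct kctx *ctx, int id)
{
    struct kcpu_queue *q = calloc(1, sizeof(*q));
    if (!q) return NULL;
    q->refcount = 1;
    pthread_mutex_lock(&ctx->lock);
    ctx->queues[id] = q;
    pthread_mutex_unlock(&ctx->lock);
    return q;
}

/* Drop one reference (lock must NOT be held); free when it reaches zero. */
static void queue_put(struct kctx *ctx, struct kcpu_queue *q)
{
    pthread_mutex_lock(&ctx->lock);
    int last = (--q->refcount == 0);
    pthread_mutex_unlock(&ctx->lock);
    if (last) { free(q); frees_seen++; }
}

/* Remove the table's reference; the queue dies only when nobody else holds it. */
static void queue_delete(struct kctx *ctx, int id)
{
    pthread_mutex_lock(&ctx->lock);
    struct kcpu_queue *q = ctx->queues[id];
    ctx->queues[id] = NULL;
    pthread_mutex_unlock(&ctx->lock);
    if (q) queue_put(ctx, q);
}

/* Flawed shape: the lookup is protected, but nothing keeps q alive after the
 * unlock, so a racing queue_delete() frees q and the increment is a use-after-free. */
static int enqueue_unsafe(struct kctx *ctx, int id)
{
    pthread_mutex_lock(&ctx->lock);
    struct kcpu_queue *q = ctx->queues[id];
    pthread_mutex_unlock(&ctx->lock); /* q is unprotected from here on */
    if (!q) return -1;
    return ++q->commands_enqueued;    /* may touch freed memory */
}

/* Fix: take a reference under the same lock that protects the lookup, so q
 * stays valid until the caller releases it with queue_put(). */
static struct kcpu_queue *queue_lookup_get(struct kctx *ctx, int id)
{
    pthread_mutex_lock(&ctx->lock);
    struct kcpu_queue *q = ctx->queues[id];
    if (q) q->refcount++;             /* pin q before dropping the lock */
    pthread_mutex_unlock(&ctx->lock);
    return q;
}

/* Deterministic stand-in for the race: lookup, then a delete from "another
 * thread" before use. Returns frees seen before the use (0 = q survived). */
static int race_scenario(void)
{
    struct kctx ctx = { PTHREAD_MUTEX_INITIALIZER, { NULL } };
    frees_seen = 0;
    queue_create(&ctx, 3);
    struct kcpu_queue *q = queue_lookup_get(&ctx, 3);
    queue_delete(&ctx, 3);            /* the concurrent delete */
    int frees_before_use = frees_seen;
    q->commands_enqueued++;           /* safe: we still hold a reference */
    queue_put(&ctx, q);               /* last reference: freed here */
    return frees_before_use;
}
```

The same lock (or an explicit reference count) must cover both the lookup and every later use; releasing it in between is exactly the window the advisory describes.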
Ubuntu Security Notice 5890-1 - Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause an NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificate bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5891-1 - Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
Ubuntu Security Notice 5889-1 - It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM. It was discovered that ZoneMinder was not properly sanitizing stored user input later printed to the user in certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM.
Ubuntu Security Notice 5887-1 - Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.
Ubuntu Security Notice 5885-1 - Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code.
Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input sanitizing in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.
Vouched now covers more than 85% of the global population, as demand accelerates for its platform to securely automate KYC and KYP compliance to better serve patients and drive revenue.
The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and
Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don’t even realize
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week. ChromeLoader (aka
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security researcher
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy
The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated that the hackers stole personal data belonging
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! The unmanageable number of vulnerabilities in the cloud is the worst-kept secret. The Sysdig 2023 Cloud-Native Security and Usage report found that 87% of container images have high or critical vulnerabilities! Surely not …
Three men have been arrested by Dutch police in connection with ransomware attacks that blackmailed thousands of companies. Amongst them? An ethical hacker. Read more in my article on the Hot for Security blog.