Open-source applications have firmly established themselves in the IT systems of large and medium-sized businesses. From dominating such segments as web servers, databases and analytics, open-source solutions are now also used extensively for containerization, machine learning, DevOps and, of course, software show more ...
Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API Security Breaches appeared first on The Security Ledger with Paul F. Roberts. show more ...
This is the latest in a line of law-enforcement actions busting up the ransomware scene.
As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks.
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
A team has found that the Crystals-Kyber encryption algorithm is open to side-channel attacks, under certain implementations.
The Android app unnecessarily accessed clipboard device contents, which often includes passwords and other sensitive data.
Trend Micro used machine learning web service Gender Analyzer V5 to analyze text written by 50 random users of the Russian-language XSS forum and 50 users of the English-language Hackforums site.
The email copy contained text composed to lure targets, mostly hotel staff, into clicking a Dropbox link that dropped malware. Also used were Bitly-shortened URLs that redirected to Dropbox links that contained malicious files.
The new EPA memo requires state governments to audit the cybersecurity practices of public water systems — and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.
Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.
As well as the $7.8m fine, BetterHelp will be banned from sharing any more consumer health data, including information on mental health issues, for the purposes of advertising, according to the terms of the order.
Sysdig discovered a sophisticated operation, named SCARLETEEL, targeting public-facing web apps running in a self-managed Kubernetes cluster hosted on AWS to steal proprietary data. Cybercriminals camouflage their campaigns as cryptojacking operations, however, their agenda is to steal sensitive data and credentials show more ...
Modesto confirmed that the February 3 breach of its Police Department's digital network was a ransomware attack and said that a number of people's personal information, including Social Security and driver's license numbers, may have been accessed.
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.
Trend Micro found PlugX RAT masquerading as an open-source Windows debugger tool, dubbed x32dbg, with an aim to evade security controls and gain control over the target system. Attackers use DLL side-loading to execute malicious code via the DLLs of the debugger tool, allowing attackers to bypass security restrictions and escalate privileges.
The experts have yet to determine the initial attack vector, they reported that FiXS utilizes an external keyboard (similar to Ploutus). It instructs the ATM to dispense money 30 minutes after the last ATM reboot.
An opposition-linked Polish mayor had his phone hacked using Pegasus spyware, Gazeta Wyborcza daily reported on Friday, amid allegations that the country's special services have used the technology against government opponents.
During the analysis of Wago PLCs, a researcher discovered several vulnerabilities in the web-based management interface designed for administering, commissioning and updating devices.
It is worth noting that, on January 19, PayPal began contacting nearly 35,000 users with a data breach notification, explaining that their accounts had been hacked between December 6th and 8th, 2022.
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov.
The operation consisted in raiding multiple locations in the two countries in February and was the result of a coordinated effort that also involved Europol, the FBI, and the Dutch Police.
Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in over ?2.9 billion (~$4.2 million) missing from its accounts, according to local tech publication Techpoint Africa.
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.
Personal information belonging to some 15,000 Denver Public Schools (DPS) employees was stolen in what the district is calling a "cybersecurity incident" that went on for a month.
RIG EK continues to make its mark as a successful exploit kit as it attempted to make roughly 2,000 intrusions daily, with the highest attack success rate of its lifetime of 30%. By exploiting relatively old Internet Explorer vulnerabilities, the exploit kit has been seen distributing various types of malware such as Dridex, SmokeLoader, and Raccoon Stealer.
Tracking devices are a boon to organizations with vast logistical operations and anyone who has ever lost a set of car keys. But trackers can also be a nightmare for cybersecurity, opening up a whole new world of opportunity for intruders.
While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a threat, according to Rapid7.
Municipal CISOs grapple with challenges as they become targets for nation-state threat actors, cope with regulations, and pursue funding from resource-constrained governments.
The new hacking campaign, which started in July 2022 and is still ongoing, relies on three components: a malicious bash script, a malware named "HiatusRAT," and the legitimate 'tcpdump,' used to capture network traffic flowing over the router.
There were 311 vulnerabilities in the catalog at the beginning of 2022 and it reached 868 by the end of the year. On average, more than ten exploited flaws were added to the KEV list every week in 2022.
EclecticIQ has revealed that a single connected threat cluster is most likely behind an attack campaign targeting the maritime industry with spearphishing emails to distribute different malware threats. In July 2022, the campaign shifted from Agent Tesla to Formbook using CAB file attachments. However, there’s not much clarity on why the cluster changed its tooling.
Researchers uncovered a new LockBit ransomware campaign last December and January using a novel technique involving the use of a .img container to bypass the Mark of The Web (MOTW) protection mechanism. LockBit remained one of the most active ransomware families in successful RaaS and extortion attacks for the second and third quarters of 2022.
Hackers in the underground marketplace have introduced a new Exfiltrator-22, or EX-22, post-exploitation framework. According to the CYFIRMA team, LockBit 3.0 affiliates or its members are most probably behind its development. The developers have used the same C2 infrastructure previously exposed in a LockBit 3.0 show more ...
According to a Tenable report, the number one group of most frequently exploited vulnerabilities represents a large pool of known vulnerabilities, some of which were originally disclosed as far back as 2017.
Symantec warned against the Chinese state-sponsored Winnti, aka APT41 and Blackfly, hacker group targeting two subsidiaries of an Asian conglomerate in the materials sector. The operation ran from late 2022 to early 2023, with a focus on intellectual property theft. Symantec has provided IOCs to detect and mitigate any threat due to the malicious activity of the Blackfly group.
Resecurity identified Digital Smoke, one of the largest investment scam networks, that has been defrauding netizens mostly from Europe, Asia, and Australia. The attackers impersonate Fortune 100 firms from the U.S. and the U.K. Most of the fraudulent schemes pertained to financial services, EV and EV batteries, oil show more ...
Agilebio Lab Collector version 4.234 suffers from a remote code execution vulnerability.
Red Hat Security Advisory 2023-1065-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-1064-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site request forgery, cross site scripting, and deserialization vulnerabilities.
Red Hat Security Advisory 2023-1066-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-1067-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-1068-01 - The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Issues addressed include a buffer overflow vulnerability.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Debian Linux Security Advisory 5369-1 - It was discovered that an integer overflow in the RFC3164 parser of syslog-ng, a system logging daemon, may result in denial of service via malformed syslog messages.
Debian Linux Security Advisory 5368-1 - It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via malformed IKEv2 packets after peer authentication, resulting in denial of service.
Ubuntu Security Notice 5920-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Ubuntu Security Notice 5918-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP show more ...
Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Ubuntu Security Notice 5919-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions.
Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.
Purchase Order Management version 1.0 suffers from a remote SQL injection vulnerability.
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH
Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement
Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol. This encompassed
Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response
A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! This move to the cloud has made it easier to scale up applications when they need to grow. However, there is a corollary to this: Budgeting! Chances are, you’re probably overspending. show more ...
