The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while show more ...
Led by growth in Russia, more than 40% of global ICS systems faced malicious activity in the second half of 2022.
A state-backed threat actor impersonates political figures, tricking a prime minister, a former US president, and several European mayors and MPs into video calls later used in an anti-Ukraine influence campaign.
Using a risk-based approach to deal with policy violations and continuous compliance monitoring will help avoid data exposures and fines.
Cisco’s acquisition of cloud-native firewall provider Valtix and HPE’s deal to buy SSE provider Axis Security fill gaps in their existing portfolios.
Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative.
It's getting hard to buy cyber insurance, but not having it is not always an option. Low-coverage plans could bridge the gap.
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts.
Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.
Researchers at Quarkslab unveiled two bugs in the Trusted Platform Module (TPM) 2.0 reference library specification. The attacks could potentially lead to information disclosure or privilege escalation. The first bug, CVE-2023-1017, concerns an out-of-bounds write while the other bug, CVE-2023-1018, is an show more ...
Uptycs researchers spotted a new malware campaign targeting cryptocurrency companies with Parallax RAT. It can collect system metadata and data stored in the clipboard. Once the malware has been successfully injected, attackers interact with the victims by asking questions and sharing their Telegram ID via Notepad for further communication.
According to VulnCheck, the KEV Catalog comprises 868 bugs, including 557 added in the past year. Among these, 241 have been abused by APT actors, 122 by ransomware gangs, and 69 by botnets. Another report by Tenable categorized significant vulnerability data to identify the most significant risks and disrupt attack paths, thereby reducing the overall exposure to cyberattacks.
Experts at Lumen Black Lotus Labs stumbled across a campaign dubbed Hiatus dropping a pair of payloads to infect business routers. The payloads include HiatusRAT and a variant of tcpdump (which enables packet capture on the target device). With HiatusRAT, criminals can turn a compromised machine into a secret proxy show more ...
This is according to Victor Zhora, deputy chairman and chief digital transformation officer of the SSSCIP of Ukraine, who explained the strategic change from disruptive attacks to cyber espionage to Infosecurity.
The Emotet malware operation is again sending malicious spam emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide.
Deep Instinct, the first company to apply deep learning to cybersecurity, today announced an investment from PayPal Ventures. The funding will help further accelerate Deep Instinct's growth, driven by its disruptive threat prevention technology.
Cybersecurity analysts at Cybel reported on R3NIN, an online skimmer, that pilfers payment card data and PII from unsuspecting individuals while they checkout from online shops. This toolkit has capabilities for creating unique JavaScript injection codes, managing exfiltrated data, managing compromised payment card info (across different browsers), checking BINs, parsing data, and generating statistics.
The most critical of the three is CVE-2022-35914, which concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open-source asset and IT management software package.
In December 2022, a private loader named “AresLoader” was advertised for sale on the top-tier Russian-language hacking forum XSS by a threat actor going by the name “DarkBLUP”.
BlackLotus bootkit has been discovered interfering with UEFI Secure Boot, a crucial platform security feature, that can run even on fully up-to-date Windows 11 systems. The robust, persistent 80 KB toolkit was created in Assembly and C language. To prevent infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine, it also has geofencing capabilities.
Iron Tiger, an APT organization, has updated its SysUpdate RAT by incorporating additional functionality and support for malware infection to target the Linux OS. Experts suspect APT27 used the chat app Youdu to send malicious links to the employees, luring them into downloading the initial infection payloads. show more ...
Attacks exploiting cloud systems nearly doubled in 2022, and the number of hacking groups that can target the cloud tripled last year, according to a CrowdStrike report released last week.
Security researchers at Kroll laid bare a malicious PyPI package called Colour-Blind. The malware package is a fully-featured info-stealer RAT with a plethora of features and capabilities, including the theft of crypto wallet data. According to researchers, the malware "points to the democratization of cybercrime" to help adversaries develop their own variations based on the shared source code.
The threat actor’s campaigns attempt to convince high-profile North American and European government officials as well as CEOs of prominent companies and celebrities into participating in recorded phone calls or video chats.
Security analysts at Metabase Q uncovered the new FiXS ATM malware that targets Mexican bank customers. Though the initial attack vector is unclear as of now, analysts have discovered hackers using an external keyboard, like in Ploutus attacks. The FiXS malware releases money 30 minutes after the latest ATM reset, leveraging the Windows GetTickCount API.
The Chinese threat actors reportedly leveraged “valid credentials” to compromise ASEAN’s Microsoft Exchange servers, which used mail.asean.org and auto.discover.asean.org domains.
The app was found to send the contents of the clipboard to a remote server if a particular pattern was present, though it is not clear whether there was any malicious intent behind the behaviour.
Using AI-generated polymorphic malware, a threat actor can combine a series of typically highly detectable behaviors in an unusual combination and evade detection by exploiting the model’s inability to recognize it as a malicious pattern.
A cryptojacking operation was found using an authentic, open-source command-line file transfer service to carry out its attack against misconfigured Redis database servers. Although the objective of the campaign is to mine cryptocurrencies, the script performs several additional tasks to ensure the effective show more ...
As part of an ongoing social engineering campaign, the China-aligned Mustang Panda threat group has been seen using a previously unknown custom backdoor dubbed MQsTTang. It’s unclear who the cybercriminals are targeting. A rare observation in the implant is the use of MQTT, an IoT messaging protocol, for C2 communications.
A spokesperson for the school told The Record that they did not know if the attack was ransomware, and claimed they “do not have evidence of any personal data being compromised.” On Tuesday, the school confirmed it would not open for the day.
A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.
A severe vulnerability in the Toyota Customer 360 customer relationship management (CRM) platform allowed a security researcher to access the personal information of the car maker’s customers in Mexico.
The exploited vulnerability, tracked as CVE-2022-27228, affects the ‘Polls, Votes’ module of the Bitrix Site Manager application. The security hole allows a remote, unauthenticated attacker to execute arbitrary code.
The February 9 attack disrupted operations at several member companies, including Delaware Life Insurance; Delaware Life Insurance Company of New York; Clear Spring Life and Annuity; Clear Spring Property and Casualty; and Clear Spring Health.
The NIST strengthened its cybersecurity efforts on Tuesday by renewing its partnerships with the state of Maryland and Montgomery County that underpin the National Cybersecurity Center of Excellence (NCCoE).
The new Sharp Panda campaign uses spear-phishing emails with malicious DOCX file attachments that deploy the RoyalRoad RTF kit to attempt to exploit older vulnerabilities to drop malware on the host.
Researchers at Trellix Advanced Research Center have detected various campaigns that use OneNote documents to distribute Qakbot and other malware such as AsyncRAT, Icedid, and XWorm.
It uses spear-phishing emails for initial access, carrying malicious documents with government-themed lures. It further deploys the RoyalRoad RTF kit, allowing attackers to exploit older vulnerabilities for further infection.
Morphisec researchers have been tracking this info-stealer since November 2022. This campaign uses lures and loading tactics similar to another info-stealer named S1deload, however, the final payload delivered is different.
The attack occurred on February 17, causing technical difficulties for the facility. The care institution announced the breach via its website and attributed the problem to a group that had gained unauthorized access to its network.
The attack in February forced the Israel Institute of Technology (Technion) to postpone exams and shut down its IT systems. The incident followed what Israeli defense officials said were dozens of attempted Iranian cyberattacks over the past year.
Analysis in 2021 by The Citizen Lab concluded that TikTok collects types of data similar to what other social media platforms collect - and also said that "the general privacy standards for social platforms is not a high bar."
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year.
Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.
Ubuntu Security Notice 5937-1 - It was discovered that Opusfile was not properly validating pointer arguments in some of its functions, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts.
Red Hat Security Advisory 2023-1109-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Red Hat Security Advisory 2023-1151-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Red Hat Security Advisory 2023-1110-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2023-1140-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5932-1 - It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, show more ...
Ubuntu Security Notice 5933-1 - Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that Libtpms did not properly manage show more ...
Ubuntu Security Notice 5935-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Debian Linux Security Advisory 5370-1 - Ronald Crane discovered that missing input saniting in the apr_encode functions of apr, the Apache Portable Runtime library, may result in denial of service or potentially the execution of arbitrary code.
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel show more ...
Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
For International Women's Month, new ongoing initiative is aimed at celebrating women and bringing visibility to those making cybersecurity history.
Organizations in both industries are falling short when addressing new challenges to protect data in the cloud, finds Blancco report.
Confidential computing will revolutionize cloud security in the decade to come and has become a top C-level priority for industry leaders such as Google, Intel and Microsoft. Edgeless Systems is leading these advancements to ensure all data is always encrypted.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the "
As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that
A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are
