In episode 289 of the Transatlantic Cable, the team look at four new stories to tempt your earbuds. This week kicks off with news that TikTok are implementing a 60-minute time limit for users under 18. Following that, discussion moves to further developments around FTX, this time about their missing $9 billion. To show more ...
Storing corporate and personal information, accounts, and files on separate devices is one of the most popular (and effective!) tips for information security. Many companies set this as a mandatory requirement for all employees. A natural extension of such policy is prohibiting data sharing between work and home show more ...
A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation show more ...
Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.
AT&T is notifying customers of a Customer Proprietary Network Information compromise, exposing years-old upgrade details.
These agile controls and processes can help critical infrastructure organizations build an ICS security program tailored to their own risk profile.
Much like a hostage's proof-of-life video, the ransomware gang offers the film as verification that it has the goods, and asks $1 million for the data.
With more than 700,000 cybersecurity jobs available, now is a good time to consider a career change.
The threat actor who posted the data for sale has claimed credit for multiple other breaches, including one at grocery platform Weee! that exposed data on more than 1.1 million customers.
More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.
IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.
A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights.
A hacking group defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark — and claimed it stole employee data and other sensitive information.
Threat actors really only stop when their infrastructure is disrupted and their flow of funds disappears, and this normally can only be achieved through the activities of U.S. law enforcement agencies and major commercial data hosting providers.
Airport and aircraft operators are required to develop a plan for improving their resilience and preventing infrastructure disruption and degradation. In addition, they need to assess the effectiveness of their measures.
The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are vulnerable.
LSA protection is crucial for safeguarding against the theft of sensitive information or login credentials by blocking untrusted code injection into the LSA process and blocking process memory dumping.
The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link's servers.
To help tackle the skills deficit in cloud security, the SANS Institute and Google have launched a new academy focused on providing scholarship-based training for underrepresented groups.
On March 7, the Medusa ransomware group added the school district to its list of victims, giving them 10 days to pay a ransom before data stolen from the school was leaked.
DeepStreamer used different techniques to evade detection and forge traffic by surreptitiously loading “money sites” filled with Google ads completely hidden from view, while internet users were watching movies.
During a conference call on Tuesday, company executives were asked whether they could recover any of the disruption amounts later in the year through supplier recovery or insurance coverage.
ASEC researchers have reported the active distribution of the GlobeImposter ransomware by the threat actors behind MedusaLocker that used remote desktop protocols as an attack vector. Besides other malware, hackers also deployed an XMRig CoinMiner to compromised systems. Security experts suggest users should ensure that RDP is deactivated when not in use.
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
A BlackMamba proof-of-concept attack was demonstrated by researchers. The technology on which ChatGPT is built, the large language model (LLM), was used to create a polymorphic keylogger functionality on the fly. The malware was tested against a renowned EDR system and resulted in absolutely no alerts or detections.
It’s not clear if this particular persona’s efforts resulted in any successful phishing attacks. The Twitter account, created in October 2022, remains active. An Instagram account associated with the name is unavailable.
Exotic Lily is an initial access broker who specializes in gathering credentials from high-value targets through employee impersonation, deep open-source intelligence (OSINT), and by creating convincing malicious documents.
Russia-linked TA499 threat actor has been aggressively conducting email campaigns to target high-profile European and North American government authorities and CEOs of reputable organizations. The attack begins with an email or phone call, masquerading as prominent political figures. The phone call recordings are then released to the public via YouTube and RuTube.
In the attacks observed by ASEC, successful exploitation of the flaws is followed by the execution of a PowerShell command that retrieves an executable and a DLL file from a remote server.
The threat intelligence vendor Flashpoint warned that threat actors are increasingly combining known vulnerabilities, stolen credentials, and exposed data to wreak maximum damage.
Suspected Chinese cybercriminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.
The London-based company said Series B financing was led by Eurazeo, a French investment and asset management firm. Ten Eleven Ventures, a prior backer, also expanded its equity stake.
Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.
An interior ministry spokesperson on Tuesday confirmed that the German government was carrying out a general review of telecoms tech suppliers, but said that this was not directed at specific manufacturers.
An unauthenticated attacker can exploit the vulnerability to obtain the credentials stored in the VeeamVBR configuration database and use them to access backup infrastructure hosts.
The Series B round was led by Energy Impact Partners and Paladin Capital Group, along with participation from KPN Ventures, Lapa Capital Partners, Lanx Capital, and Cisco Investments.
ScrubCrypt obfuscates and encrypts applications and makes them able to dodge security programs. It has an updated version, and the seller’s webpage guarantees that it can bypass Windows Defender and provide anti-debug and some bypass functions.
Michael Pezullo, currently serving as the secretary of the Department of Home Affairs, said the Russian Federation hosted “the greatest density of cybercriminals, particularly those with ransomware,” in the world.
Researchers observed a notable spike in emails utilizing malicious OneNote attachments, especially to drop Qakbot or QBot. Operators have apparently reorganized its infrastructure to target specific regions and industries.
Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Red Hat Security Advisory 2023-1177-01 - A security update for Red Hat Integration Camel Extensions for Quarkus 2.7-1 is now available. Issues addressed include denial of service and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.
Ubuntu Security Notice 5938-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute show more ...
Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.
Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.
VX Search version 13.8 suffers from an unquoted service path vulnerability.
Unmanaged devices pose a significant challenge and risk for many organizations. Here are the five reasons you should care about unmanaged devices and assets.
New premium service provides all-in-one personal protection beyond device security to include identity restoration and unlimited 24/7 tech support.
Study underscores the clear and pressing need for real-time physical and cyber threat alerts for effective enterprise risk management and business resilience.
This strategic partnership highlights the importance of breach prevention and creating a proactive security culture.
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in
The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt,
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to
Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take
Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The cybersecurity
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency
Scammers get pwned by a Canadian granny! Don't be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham show more ...
The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." Read more in my article on the Tripwire State of Security blog.
