E-mail scams come in all shapes and sizes, with new ones keep appearing every day. No wonder, since this has always been the easiest and cheapest way to con people online — even for attackers who lack technical skills. In fact, all they need is a smidgen of both cunning and imagination. Today, we look at a crafty show more ...
The 'ChipMixer' cryptocurrency service for cybercriminals was shut down by law enforcement, and its alleged operator has been charged.
The challenges are steep, but school districts can fight back with planning.
Here is a cautionary tale of what happens if side-projects or sections of the website becomes obsolete. If you don't remove them, someone might hijack your subdomain.
After years of relative stability and steady growth, Omdia research indicates the NDR segment is poised for rapid change.
The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.
The Russian APT29 threat group abused multiple legitimate systems, including LegisWrite and eTrustEx, which are used by EU nations for exchanging info and data in a secure way.
While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud.
'Pig Butchering' cryptocurrency investment schemes increasingly target Americans; over $2 billion in cryptocurrencies were stolen by hackers in the U.S. last year. The fraudsters approach victims via dating platforms, messaging apps, or social media platforms to introduce themselves. The FBI has recommended some tips for users to defend themselves against cryptocurrency investment scams.
According to the NSA, a mature zero trust framework requires the adoption of capabilities from seven different pillars, namely application/workload, automation and orchestration, device, data, network/environment, user, and visibility and analytics.
The operation was conducted by Europol in coordination with law enforcement in Germany (BKA) and the United States (FBI), allowing the police to seize four servers, 7 TB of data, and $46.5 million worth of cryptocurrency (Bitcoin).
A day after sounding an alarm for live exploitation of the Outlook security flaw, Microsoft said it traced the exploit to a Russian APT targeting a limited number of organizations in government, transportation, energy, and military sectors in Europe.
Rapid7 says Minerva’s technology will be fitted into its Managed Detection and Response (MDR) services to beef up detection and response capabilities across cloud, on-premise, and extended attack surfaces.
A vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled patients said a cybersecurity incident last summer affected more than 4.2 million individuals.
Dubbed “FakeCalls” by the Check Point Research (CPR) team, the malware baits victims with fake loans, requesting them to confirm their credit card numbers, which are then stolen.
Following the collapse of Silicon Valley Bank (SVB), security researchers from all around the world warned that threat actors are already registering suspicious domains, creating phishing pages, and planning for BEC attacks. Through bogus domains, actors request personal information of individuals, such as their name, mobile number, email, and balance amount to process a claim.
Adobe Acrobat Sign allows registered users to send a document signature request to anyone. When doing so, an email will be generated and sent to the intended recipients from a legitimate email address.
Two new surveys examine what it takes to make a successful SOC. Both surveys stress the need for automation and artificial intelligence (AI) – but one survey raises the additional specter of the growing use of bring your own AI (BYO-AI).
A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak.
By virtue of Chrome's market share, if Google makes this change for Chrome, that makes it a de facto standard that every commercial public certificate authority would have to follow.
The announcement, titled "350 GB from US Marshal Service (USMS) law enforcement confidential information," was added on March 15, using an account registered just a day earlier on a Russian-speaking hacking forum.
Jelly Bean Communications Design reached a $293,771 settlement to resolve False Claims Act allegations that it knowingly provided deficient security controls to Florida Healthy Kids Corp., which caused the second-largest healthcare breach of 2021.
The new GoatRAT — like BraxDex, Senomorphy, and PixPirate before it — steals the Pix key of the mobile devices it targets to make instant payments from compromised accounts, researchers from Cyble revealed in a blog post.
A new report from Proofpoint and Cybersecurity at MIT Sloan says 61% of healthcare boards discuss cybersecurity at least monthly (versus 75% across all sectors), and only 64% believe they have invested adequately in it (versus 76% for all sectors).
As earlier reported by BleepingComputer, Essendant's widespread network outage has prevented the placement or fulfillment of online orders and impacted both the company's customers and suppliers.
Depending on the business, a customer service agent may have access to a trove of customer information and company systems. They may even have access to change customer account information or take payments over the phone.
More federal guidance has emerged as the world continues its preparations for the advent of quantum computing with the Government Accountability Office disseminating fast facts on how to secure sensitive data in a post-quantum cryptographic world.
Latitude said the details were stolen from service providers it uses. The company did not clarify further, but this is believed to refer to companies that provide corporate services to Latitude.
Mozilla announced this week the release of Firefox 111, which patches over a dozen vulnerabilities, including potentially serious issues. Of the 13 CVEs, seven have been assigned a ‘high’ severity rating.
The importance of attribution depends on the organization involved and whether it can see an investigation through. With investigations taking lots of time and resources, it shouldn’t be an organization’s priority in the event of a breach.
The two hackers, belonging to the "ViLE" crime group, allegedly broke into a federal law enforcement database. They also used a compromised Bangladeshi police officer's email to fraudulently request user data from a social media company.
A study by Hoxhunt sampling 53,000 email users in more than 100 countries found that professional red teamers generated a click rate of 4.2%, while ChatGPT-generated emails induced just a 2.9% click rate.
According to the alert, both the unnamed nation-backed hacking group and the criminal group dubbed XE Group exploited known vulnerabilities in Progress Telerik software located in the unnamed government agency’s Microsoft IIS web server.
CloudSEK witnessed a 200-300% month-on-month surge in AI-generated YouTube videos about software cracks containing malicious links to a variety of stealer malware such as Raccoon, RedLine, and Vidar. To make the videos appear at the top of the results, threat actors employ SEO poisoning techniques.
Cybersecurity researcher Luca Mella shared technical insights on the Makop ransomware that attains persistence through dedicated .NET tools. To access victim networks, the gang makes use of internet-facing bugs and exposed remote administrative services. The operators began to work for their criminal enterprise in 2020 using a variant of the Phobos ransomware.
Ubuntu Security Notice 5954-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard show more ...
Red Hat Security Advisory 2023-1278-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.
Debian Linux Security Advisory 5374-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that show more ...
Red Hat Security Advisory 2023-1277-01 - An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null character as a show more ...
Ubuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that show more ...
Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that show more ...
Ubuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. show more ...
Ubuntu Security Notice 5855-2 - USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a show more ...
Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.
Ubuntu Security Notice 5955-1 - It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands.
Red Hat Security Advisory 2023-1280-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including show more ...
XNU NFSSVC suffers from root check bypass and use-after-free vulnerabilities due to insufficient locking in upcall worker threads.
Red Hat Security Advisory 2023-1252-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1279-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.
Red Hat Security Advisory 2023-1276-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
Proof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.
Minerva's robust technology and talented engineering team extend Rapid7's end-to-end managed threat detection and orchestration capabilities from the endpoint to the cloud.
Attackers are increasingly staying under the radar by using your own tools against you. Only behavioral AI can catch these stealthy attacks.
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. "Adobe ColdFusion
A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking,
In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as
The twisted tale of the two Teslas, and a deepfake sandwich. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
