You might think that hiding sensitive information in a picture is a cakewalk. Just blot out your secrets with a big black marker in any image editor. Or even better: just crop the bit of the photo or screenshot that contains your personal data. What could possibly go wrong? Quite a lot, in fact. We've already posted about how not to hide information in images and how not to retouch pictures embedded in documents. But a recent study shows that you can still come a cropper, so to speak, even if you take just about every conceivable precaution — and all due to a bug related to image processing. Let's take a closer look at how two standard image-editing tools — one on Google Pixel and the other in Windows 11 — can reveal supposedly hidden information in images.

How to recover hidden information in screenshots edited on Google Pixel

It all started when security researchers Simon Aarons and David Buchanan discovered a vulnerability they named Acropalypse: it turns out that Markup, the Google Pixel built-in image editor, saves edited PNG files in a way that lets them be fully or partially recovered.

When processing PNG images, instead of saving a completely new PNG file, Markup overwrites the old one in a very peculiar way. If you crop a picture, its size in bytes decreases compared to the original, of course. The same thing happens if you paint over part of an image with a single color, thanks to compression algorithms that are very good at packing solid-colored areas. But the file saved after editing in Markup has the same size as the original: the app simply overwrites the new data on top of the old, leaving a tail of the initial image data in the file. And with the help of a tool created by the researchers (available online), it's possible to partially restore the original. Here's how the researchers themselves illustrate what's going on:

[Image: Recovery of an image edited with Google Pixel Markup.]

Note, though, that the screenshot used as the example here is both redacted AND cropped. Thus, importantly, the resulting image is significantly smaller than the original. After the edited version is saved on top of the original, there's a lot of non-overwritten data at the end of the file that can be recovered. And the fully unrestored or badly-restored area — the top third of the resulting picture — just so happens to contain nothing important. So the researchers' demonstration should be taken as an ideal case: in real life, the success of the tool will almost certainly be lower, and the result will largely depend on the circumstances.

But that doesn't mean the problem can be ignored — this vulnerability is nothing if not very unpleasant. It affects the following Google smartphones (highlighted in the original are the models that are no longer supported and will probably not get updates):

- Google Pixel 3, 3 XL, 3a, 3a XL
- Google Pixel 4, 4 XL, 4a, 4a (5G)
- Google Pixel 5, 5a
- Google Pixel 6, 6 Pro, 6a
- Google Pixel 7, 7 Pro

In addition to its colloquial name, Acropalypse, the vulnerability was designated CVE-2023-21036. It has already been patched in the March Android update for the Pixel smartphones. Alas, the update is powerless to fix old edited screenshots that have already been published or otherwise shared.

How to recover hidden information in screenshots edited in Windows 11

After Aarons and Buchanan posted their findings on Twitter, other researchers took up the cause. Logically assuming that other image-editing tools might use the same flawed mechanism for overwriting PNG files, they began to look for new vulnerable applications. And they found them, of course: a similar bug was detected in Snipping Tool, a screenshot utility in Windows 11.

Windows 11 Snipping Tool has exactly the same problem: the app overwrites edited PNG files on top of the original, and when the new file is smaller, some data from the original remains at the end of the file, from which the uncut image can be partially reconstructed. See this article on BleepingComputer for more details:

[Image: Recovery of an image edited with Windows 11 Snipping Tool.]

Although in this case a smaller part of the original image was restored, the result is still impressive.

Note that the problem seems to be confined only to Snipping Tool and only to the Windows 11 version. So users of earlier versions of Windows, or those who prefer to edit screenshots in Paint or a full-fledged graphics editor like Photoshop, aren't affected. The vulnerability in Windows 11 Snipping Tool remains unclosed. But, again, even when an update arrives, it won't fix the problem with screenshots that are already out there.

What to do?

If you use Windows 11 Snipping Tool, or have a Google Pixel smartphone (gen 3–7), and you've posted cropped or edited screenshots with passwords somewhere, consider those passwords compromised: change them immediately. Sure, you might struggle to remember every such instance, and in any case there's nothing much you can do about it: there do exist Python scripts and YARA rules for finding and treating such PNG images, but these are only for techies.

On a final note, here are some tips on how to safely retouch images with sensitive data that you plan to post online or send to someone you don't know if you can fully trust:

- If you prefer to hide your secrets by painting over them or filling the area with solid color, make sure that the opacity is set to 100%.
- If you opt for pixelating or smearing, bear in mind that this operation is reversible.
- If you're cropping, save the image to a new file — preferably using Photoshop's Save for Web tool or an equivalent: such a tool will definitely slice off the unwanted part of the file for the sake of optimization.
- Lastly, before posting a picture that could spill a bean or two, ask yourself: is posting it really necessary?
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
Key vaults, aka key management as a service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.
Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings.
The fourth edition of the Director’s Handbook on Cyber-Risk Oversight, published by the National Association of Corporate Directors and the Internet Security Alliance, outlines six core principles “for board oversight of cybersecurity.”
AT&T Alien Labs researchers have discovered a new variant of BlackGuard stealer in the wild, infecting using spear phishing attacks. The new variant is trying to propagate through removable media and shared devices.
The attack was disclosed on March 19, and threat actors had access to customer and employee information. The agency is going to notify impacted customers and employees via breach notification letters.
Security experts found a malicious package, named onyxproxy, using leveraged Unicode support in Python to obfuscate an info-stealing malware. They said that the threat actor merely copy-pasted the code from various places and intermixed it with malicious code. The package onyxproxy was published on the platform on March 15 and it amassed 183 downloads before its removal on March 22.
Upon starting, the ransomware creates a randomized 64-character long lowercase ASCII string. The randomization ensures the key is unique each time the sample is executed, and therefore it is unique on each targeted machine.
OpenAI on Friday disclosed that a bug in the Redis open-source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.
The hacker claimed to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext, and about 415,000 unique email addresses, which iD Tech did not dispute when TechCrunch reached by email.
In a new campaign, the Perl-based DDoS bot malware ShellBot (also known as PerlBot), which was previously used in assaults alongside CoinMiner, targets poorly maintained Linux SSH servers. Threat actors use three new malware variants - LiGhT's Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. Administrators are suggested to implement strong password policies.
Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the "username" field when logging in, thereby allowing threat actors with access to a company system to harvest them.
The so-called Risk Model Manager (RMM) platform is now available for organizations to assess supply chain risk and security, as well as to view, edit, and customize the SoT framework content, or export it for use as a subset framework.
In the new campaign found by Intezer, Bitter sends emails pretending to be from the Embassy of Kyrgyzstan in Beijing to various Chinese nuclear energy companies and academics related to that field.
On March 16, 2022, about a month after the FBI took down a popular online forum for buying and selling stolen data known as RaidForums, another criminal marketplace quickly sprung up to take its place.
American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs.
Azure network defenders can use the tool to export and review sign-in audit logs and activity alerts from a range of Azure and Microsoft Defender environments to pinpoint signs of suspicious activity.
The attack has not resulted in the breach of any data and court operations are continuing as usual statewide, state Supreme Court Chief Justice Annette Ziegler said in a statement.
Cyble Research and Intelligence Labs uncovered a new Malware-as-a-Service (MaaS) platform called Cinoshi. Its arsenal includes a stealer, botnet, clipper, and cryptominer. The stealer collects cards, cookies, and credentials from popular browsers including Chromium, Edge, and Gecko. In addition to paid services, the platform also offers a web panel to control malicious activities for free.
A hospital was hit by a cyberattack - but the full extent of the breach is still unknown. Walsall Healthcare NHS Trust has urged people to "remain vigilant around any suspicious activity" in the wake of the incident.
"The City and its Information Systems Department (IS) are working with law enforcement to investigate as well as technical specialists experienced in cyber recovery services to restore services as quickly as possible," said city officials.
The losses for victims range between $2,500 and $500,000, which the syndicate laundered using a massive network of 180 bank accounts, many of which were opened in South African banks using stolen identities.
Researchers at Cleafy uncovered a new Android banking trojan being tracked as Nexus. The malware has appeared on multiple hacking forums with the same name and is promoted via a Malware-as-a-Service (MaaS) subscription. Though the malware appears to be at a nascent stage, researchers confirmed several active campaigns using it already. It can perform account takeover attacks against apps of 450 banking portals and cryptocurrency services.
On the third day, contestants were awarded $185,000 after demonstrating 5 zero-day exploits targeting the Ubuntu Desktop, Windows 11, and the VMware Workstation software.
Parts of Twitter’s source code were recently leaked online via GitHub, the New York Times reports, but were taken down after the social media platform filed a DMCA request.
Instead of sending fake invoices or money transfer requests, attackers attempt to ‘purchase’ high-value goods such as construction materials, agricultural supplies, IT hardware, and solar energy products.
A Chinese cyber-espionage campaign, named Operation Tainted Love—associated with Operation Soft Cell—has been found hitting telecommunications providers in the Middle East since Q1 2023. Operation Soft Cell relies heavily on a custom credential theft malware, mim221.
The REF2924 threat cluster was observed dropping a previously-unseen malware, dubbed NAPLISTENER, on entities in Southeast and South Asia. The malware evades network-based forms of detection. Actors target Microsoft Exchange Servers exposed to the internet to deploy several backdoors, including SIESTAGRAPH, DOORME, and ShadowPad.
Debian Linux Security Advisory 5378-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 5972-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Lukas Bernhard discovered that Thunderbird did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploit this issue to cause a denial of service.
Red Hat Security Advisory 2023-1470-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-1468-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a double free vulnerability.
WebTareas version 2.4 suffers from a remote blind SQL injection vulnerability. Original discovery of this issue in this version is attributed to Behrad Taher in May of 2022. Related CVE number: CVE-2021-43481.
Ubuntu Security Notice 5954-2 - USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploit this issue to cause a denial of service. Rob Wu discovered that Firefox did not properly manage URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploit this to obtain sensitive information. Luan Herrera discovered that Firefox did not properly manage cross-origin iframes when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on local files that came from different sources.
Atom CMS version 2.0 suffers from a remote SQL injection vulnerability. Original discovery of this issue in this version is attributed to Luca Cuzzolin in February of 2022.
Red Hat Security Advisory 2023-1467-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.
Aero CMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities. Original discovery of this issue in this version is attributed to nu11secur1ty in August of 2022.
Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.
Hex Workshop version 6.7 is vulnerable to denial of service via command line file arguments and control of the Structured Exception Handler (SEH) records.
Red Hat Security Advisory 2023-1471-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a double free vulnerability.
Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. By
A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. "MacStealer has the
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS
Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was arrested on March 15, 2023. "Cybercrime victimizes and steals financial
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! Right now, “Zero Trust” is in serious danger of becoming an empty buzzword. The problem isn’t just that marketers have slapped the Zero Trust label on everything short of breakfast cereal–it’s that for … Continue reading "Can zero trust be saved?"
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website off the internet, but don't have the know-how to do it yourself. Rather than hiring the help of cybercriminals to bombard a site with unwanted traffic or kick rivals out of a video game, you might be actually handing your details straight over to the police. Read more in my article on the Hot for Security blog.