Governments of many countries are tightening the laws that regulate working with personal data. At the same time, the number of data leaks is only growing from year to year. If around ten years ago the most severe financial losses a company could suffer tended to be lawsuits and the consequences of reputational damage, these days it's penalties from regulators that can account for a significant part of a company's damages as a result of a data-loss incident. Therefore, we decided to publish a series of tips that will help you organize secure processes for collecting, storing and transferring personally identifiable information in your company.

Personal-data collection

The first and most important thing: collect data only if you have sufficient legal grounds to do so. Data collection may be formally provided for by the law of the country in which your company operates; by a contract with terms that clearly permit the processing of PII; or by consent expressed by a PII subject in electronic or paper form. Besides:

- Keep evidence of your obtaining consent for processing and storage of PII in case of legal claims or regulators' inspections;
- Do not collect data that's not really needed for your work processes (data shouldn't be collected "just in case");
- If data that's not required for work is collected due to some mistake or misunderstanding, delete it immediately.

Personal-data storage

If you collect personal data, it's very important that you know where it's stored, who has access to it, and how it's processed. To do this, you may need to create a kind of map in which all processes related to PII are registered. Then, it's wise to develop strict regulations for the storage and processing of data, and to constantly monitor the implementation of both.

We also recommend the following:

- Store PII exclusively on media inaccessible to outsiders;
- Limit access to PII to a minimal number of employees (it should only be available to those who really need it for business reasons);
- Promptly delete personal data that's no longer required for work processes;
- If your workflow requires storing paper documents, place them only in secure locations (e.g., lockable safes);
- Destroy unnecessary paper documents using shredders;
- If the data isn't needed as it is, anonymize it (strip the unique identifiers so that even in the event of a leak it would be impossible to identify the subject);
- If, due to your work processes, it's not possible to anonymize data, pseudonymize it: convert the PII into a unique string so that identifying the subject is impossible without additional information;
- Avoid storing PII on work devices and external or flash drives (they can be stolen or lost, and computer data can be accessed by an attacker);
- Do not store or process real PII on test infrastructure;
- Do not use new services for storing and processing data until you're sure they meet basic security requirements.

Personal-data transfer

All processes related to the transfer of personal data must be registered and approved by the security department, or by the data protection officer if you have one. All employees with access to PII should have clear instructions on how data should be handled in your company, which corporate or third-party services can be used for this, and to whom this data can be transferred.

In addition, make sure that:

- Subcontractors (for example, MSP services) don't have administrator-level access to systems containing PII;
- Access to data is limited on a territorial basis (data of citizens of one country should not be available from other countries unless cross-border data transfer is unregulated);
- Encryption is always used when transferring PII (this is especially important when sending data by e-mail);
- A data processing agreement (DPA) is signed when transferring personal data to third-party organizations;
- You have the legal right to transfer PII to third parties (that is, there's clear consent for this from the PII subject, or it is specified in a contract or required by law).

Of course, neither these tips nor strict regulations can exclude the possibility of human error. Therefore, among other things, we recommend periodically conducting security awareness trainings. And it's advisable to choose learning platforms that have lessons related to privacy and working with personal data in particular.
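The storage tips above distinguish anonymization (identifiers removed for good) from pseudonymization (identifiers replaced by a string that cannot be linked back without additional information kept elsewhere). The following is an added illustration of that difference, not code from the original post: the records are constructed and fictitious, and the keyed-HMAC token scheme and the separately held re-identification map are this example's own design choices, not a prescribed method.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample records with fictitious people. "email" and "phone" are
# the direct identifiers that should not sit in the working dataset.
SAMPLE_RECORDS = [
    {"email": "Alice@example.com", "phone": "+1-555-0100", "country": "DE", "plan": "pro", "spend": 120},
    {"email": "bob@example.com", "phone": "+1-555-0101", "country": "FR", "plan": "free", "spend": 0},
    {"email": "alice@example.com", "phone": "+1-555-0100", "country": "DE", "plan": "pro", "spend": 80},
]

DIRECT_IDENTIFIERS = ("email", "phone")


def subject_token(email: str, key: bytes) -> str:
    """Keyed, deterministic pseudonym for one subject.

    HMAC rather than a plain hash: a plain sha256(email) can be recomputed by
    anyone who can guess the address and compared against the dataset, so it
    is not "impossible to identify without additional information". With a
    keyed MAC, the key is that additional information.
    """
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def pseudonymize(records, key: bytes):
    """Return (working_dataset, reidentification_map).

    The working dataset keeps a stable subject_id so analytics can still group
    rows per person. The map (and the key) are the additional information and
    belong in a separate store with stricter access control, never beside the
    working dataset.
    """
    working, lookup = [], {}
    for rec in records:
        token = subject_token(rec["email"], key)
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["subject_id"] = token
        working.append(row)
        lookup[token] = rec["email"].strip().lower()
    return working, lookup


def anonymize(records):
    """Drop identifiers and any per-subject token, and coarsen the remaining
    fields so individual rows are harder to single out. This is one-way: no
    lookup table exists to restore the original."""
    result = []
    for rec in records:
        spend = rec["spend"]
        band = "0" if spend == 0 else ("1-99" if spend < 100 else "100+")
        result.append({"country": rec["country"], "plan": rec["plan"], "spend_band": band})
    return result


def reidentify(token: str, lookup: dict) -> Optional[str]:
    """Only possible for whoever holds the separately stored map."""
    return lookup.get(token)


if __name__ == "__main__":
    # Generate the key once and keep it in a secrets store, not next to the data.
    key = secrets.token_bytes(32)
    working, lookup = pseudonymize(SAMPLE_RECORDS, key)
    for row in working:
        print(row)
    print(anonymize(SAMPLE_RECORDS))
```

Records 1 and 3 belong to the same person (the address differs only in case), so they receive the same `subject_id` and can still be grouped, while the working dataset itself carries no e-mail or phone number. Rotating or losing the key changes every token, which is exactly why the key and the map are the part that needs the stricter storage rules from the list above.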
The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

[Image caption: The warning displayed to users on one of the NCA's fake booter sites. Image: NCA.]

The NCA says all of its fake so-called "booter" or "stresser" sites — which have so far been accessed by several thousand people — have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

"However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators," reads an NCA advisory on the program. "Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement."

The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990.

"Going forward, people who wish to use these services can't be sure who is actually behind them, so why take the risk?" the NCA announcement continues.

The NCA campaign comes closely on the heels of an international law enforcement takedown involving four-dozen websites that made powerful DDoS attacks a point-and-click operation. In mid-December 2022, the U.S. Department of Justice (DOJ) announced "Operation Power Off," which seized four-dozen booter business domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. In connection with that operation, the NCA also arrested an 18-year-old man suspected of running one of the sites.

According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison sentences and a penalty or fine.

The United Kingdom, which has been battling its fair share of domestic booter bosses, started running online ads in 2020 aimed at young people who search the Web for booter services. As part of last year's mass booter site takedown, the FBI and the Netherlands Police joined the NCA in announcing they are running targeted placement ads to steer those searching for booter services toward a website detailing the potential legal risks of hiring an online attack.
A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.
The NullMixer loader has compromised thousands of endpoints in the US, France, and Italy, stealing data and selling it to Dark Web data dealers, all without setting off alarm bells.
In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.
A lack of website protections, Sender Policy Framework (SPF) records, and DNSSEC configurations leave companies open to phishing and data exfiltration attacks.
Microsoft published guidance for investigating attacks exploiting the recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.
Stress testing involves simulating different types of attacks that hackers might use to breach a system, including distributed denial of service (DDoS) attacks, brute force attacks, SQL injections, and other types of exploits.
The details stolen include 7.9 million Australian and New Zealand driver's license numbers and 53,000 passport numbers, Latitude said. A further 6.1 million customer records were also stolen, of which 5.7 million were provided before 2013.
A Microsoft Outlook bug has been discovered jeopardizing the security of the Microsoft 365 suite. Tagged as CVE-2023-23397, the bug enables a threat actor to access user credentials by passing along a specially crafted email package. It reportedly features a high 'wormability' factor with no user interaction required in most instances. The flaw affects several applications, including MS Office 2019, 2016, 2013, and LTSC.
US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security – a title that is not quite as simple as it seems.
Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.
A new ransomware operation by the Dark Power group was spotted in the wild by cybersecurity firm Trellix. It gives victims a total of 72 hours to send $10,000 in Monero cryptocurrency to receive a working decryptor. To experts, it appears to be a private project since this operation has no traces of promotion over any hacker forums or dark web spaces. According to the leak site, there have been 10 victims so far.
The update is available in versions iOS 15.7.4 and iPadOS 15.7.4 for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
New York Attorney General Letitia James said Monday that midsize law firm Heidell, Pittoni, Murphy & Bach has agreed to pay $200,000 to the state over data security lapses that led to a 2021 data breach.
The use of IPFS is not limited to mass mailing campaigns: it is used for complex targeted attacks too. Targeted phishing campaigns are much better prepared, normally focusing on specific persons within the company, not just random users.
This is according to a report by Russian media the Bell and Medusa, who investigated the matter after a series of arrests of anonymous Telegram channel owners and bloggers in 2022.
The NCA didn’t say how many of the sites it had set up as part of the operation, but claimed that “several thousand” people had already accessed them in search of the “booter” services needed to launch DDoS attacks against targets.
93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is “critical” to defend their organization and increase cybersecurity, according to Searchlight Cyber.
The campaign targets manufacturing companies and multiple businesses in European countries through phishing emails. The malicious payload is distributed through WordPress sites with authorized SSL certificates.
Security researchers at Proofpoint described the malware samples in an advisory published on Monday, which names them Standard, Lite, and Forked IcedID variants respectively.
Shadow IT teams, also known as rogue IT teams, have grown in popularity in recent years due to the rise of cloud-based apps and remote work. However, this has led to operational tension and security risks within many businesses.
The NullMixer package now includes new polymorphic loaders from third-party MaaS and PPI service providers in the underground markets, as well as pieces of controversial, potentially North Korea-linked PseudoManuscrypt code.
You can simply block, by default, all access to all uncategorized sites. But wielding such a blunt policy instrument is likely to introduce a range of problems for users trying to access legitimate sites, and negatively affect business velocity.
BlackGuard, which was first spotted in March 2022, has experienced an upgrade with several new capabilities. It added a crypto wallet hijacker module that has hardcoded addresses and support for multiple cryptocurrencies. The stealer can now propagate via USB and other removable devices to infect new hosts. Also, it can now steal data and drain crypto assets from 12 more cryptocurrency browser extensions and wallets.
Throughout its investigation, Trend Micro observed several instances where victims were compromised by two groups simultaneously, indicating possible overlaps in collection requirements between these groups, such as Groups 724, 1358, and 5171.
Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks.
The French Ministry of Transformation and Public Service on Friday announced a ban on all "recreational apps" from government-issued mobile devices, to take effect immediately.
The man from Lagos participated in multiple BEC, credit card, work-from-home, check-cashing, and romance scams targeting banks, businesses, and individuals in the US and abroad, including First American Holding Company and MidFirst Bank.
"We were recently contacted by a ransomware group who claimed they have illegally obtained a limited number of Crown files," a spokesperson of the formerly listed firm said in a statement.
ChatGPT’s ability to draft highly realistic text makes it a useful tool for phishing purposes. In addition to generating human-like language, ChatGPT is capable of producing code in a number of different programming languages.
BetterHelp is facing at least three proposed class action lawsuits after earlier this month settling allegations with the FTC that it violated users' privacy by sharing identifying information with social media platforms including Facebook.
The company has notified law enforcement and is working with outside firms to contain the incidents, according to the filing. It has begun business continuity efforts to restore functionality to its customers’ systems.
Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally, an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected group chat.
Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using a 4096-bit prime, requires no PKI, has Perfect Forward Secrecy, and Tor support.
The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object, which can lead to OS command execution as NT AUTHORITY\SYSTEM.
Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in the tools directory and gain full system access. Successful exploitation results in root command execution using sudo as user optergy.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Ubuntu Security Notice 5977-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 5976-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been
U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government's use of
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization (DRDO), the research and development wing of India's Ministry of
Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering additional malware, including ransomware. "The well-known IcedID version consists of an initial loader
Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report
Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale." Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and