Various media sources are reporting a mass supply-chain attack targeting 3CX VoIP telephony system users. Unknown attackers have managed to infect 3CX VoIP applications for both Windows and macOS. Now the cybercriminals are attacking their users via a weaponized application signed with a valid 3CX certificate. The show more ...
Episode 292 of the Transatlantic Cable Podcast is here! This week, the team talk about aggressive AI and how the DEA have turned Apple AirTags into a surveillance tool against criminals. Moving on, the team discuss recent news that Nvidias CTO thinks that crypto-currencies dont bring anything useful for society – show more ...
Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance.
In a Solar Winds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism.
The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.
Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment.
Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach.
ISPM is a combination of identity attack surface management, and risk reduction, as well as identity threat prevention, detection, and response.
Researchers spotted a new malware operation, named NullMixer, that hit over 8,000 targets within a week, with a special focus on North America, Italy, and France. The attackers use SEO poisoning, along with social engineering tactics to lure their potential victims, consisting mostly of IT personnel and technocrats. Now stay ahead of such threats with our state-of-the-art threat Intel exchange platform, CTIX.
The number of credential phishing emails sent spiked by 478%. Emotet and QakBot are the top malware families observed. For the eighth consecutive year, business email compromise (BEC) ranked as the top cybercrime.
AlienFox is a modular toolset comprising various custom tools and modified open-source utilities created by different authors. Threat actors use AlienFox to collect lists of misconfigured cloud endpoints from security scanning platforms.
A majority of organizations reported that global geopolitical instability has influenced their cyber strategy “moderately” or “substantially”. Their biggest concerns regarding cyberattacks are business continuity (67%) and reputational damage (65%).
While CrowdStrike suspects a North Korean state-backed hacking group it tracks as Labyrinth Collima is behind this attack, Sophos' researchers say they "cannot verify this attribution with high confidence."
Successful exploitation on unpatched devices using Sudo versions 1.8.0 through 1.9.12p1 could enable attackers to escalate privileges by editing unauthorized files after appending arbitrary entries to the list of files to process.
Mandiant identified a North Korean threat actor, named APT43, conducting cyberespionage campaigns against government organizations in the U.S. and South Korea. Besides its own, APT43 leverages its own set of custom malware, such as Pencildown, Venombite, Pendown, Laptop, Hangman backdoor, and others, not used by other attackers.
The company’s founders argue that an organization’s identity surface is now the number one attack vector, yet as companies increasingly rely on an ever-growing number of third-party services, that’s also becoming increasingly hard to manage.
Over the past few months, threat actors have been spreading ShellBot and Moobot malware on exploitable servers. Compromised victims can be controlled and used as DDoS bots after receiving a command from a C2 server.
A researcher was able to bypass OpenAI’s fix for the original account takeover issue, using a new payload, and discovered that all ChatGPT APIs were vulnerable to the bypass.
A recent update introduced a new SafeMoon smart contract function that burns tokens. Unfortunately, the function was mistakenly set to the public without restrictions, allowing anyone to execute it as they wished.
Benjamin Fabre founded DataDome in 2015 with Fabien Grenier, a longtime business partner, after the pair made the observation that most companies weren’t able to detect and block bots.
The Azure Pipelines flaw affected both the SaaS version of Azure DevOps Server and the self-hosted, on-premises version. Customers running the on-premises version need to patch their instances to remediate the RCE vulnerability.
Are you a crypto user addicted to Tor? Tor browser users across the world are under attack with trojanized versions of Tor browser installers, especially those in Russia and nearby regions. These infected browsers were being promoted as "security-strengthened" versions of the browser. Kaspersky warned against the most common mistake - downloading and running Tor from a third-party store.
A new phishing campaign has surfaced to drop Remcos RAT and Formbook malware through DBatLoader malware loader, revealed Zscaler researchers. The campaign is aimed at compromising systems in Europe. Actors also leverage a multi-layered obfuscated HTML file and OneNote attachments to propagate the DBatLoader payload.
AI allows you to craft very believable ‘spear-phishing’ emails and other written communication with very little effort, especially compared to what you have to do before.
A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate show more ...
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
Eve-ng version 5.0.1-13 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-1514-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, show more ...
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Upper Level Protocol (ULP) subsystem in the show more ...
Red Hat Security Advisory 2023-1513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, show more ...
WordPress WPForms plugin version 1.7.8 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5985-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle show more ...
Forcepoint (Stonesoft VPN Client) versions 6.2.0 and 6.8.0 suffer from a privilege escalation vulnerability.
Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.
CrowdStrike Falcon Agent version 6.44.15806 has an uninstall bypass flaw that works without an installation token.
Lavasoft version 4.1.0.409 suffers from an unquoted service path vulnerability.
Red Hat Security Advisory 2023-1512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and show more ...
Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that show more ...
Virtual Reception version 1.0 suffers from a directory traversal vulnerability.
Covenant version 0.5 suffers from a remote code execution vulnerability.
DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.
Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5983-1 - Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code.
myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.
Dreamer CMS version 4.0.0 suffers from a remote SQL injection vulnerability.
Helmet Store Showroom version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass.
Uniview NVR301-04S2-P4 suffers from a cross site scripting vulnerability.
Inbit Messenger versions 4.6.0 through 4.9.0 suffer from an unauthenticated remote command execution vulnerability.
The investment will fund global commercial rollout and R&D efforts to debilitate fraudsters.
SASE reduces security & connectivity costs and improves employee experience.
3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan,
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency.And now, even security teams who have long been the holdout
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security
Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss vulnerability
A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. "The group has shown the ability to
A cryptocurrency hack leads us down a mazze of twisty little passages, Joe Biden's commercial spyware bill, and Utah gets tough on social media sites. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.
31-year-old Solomon Ekunke Okpe, of Lagos, was a member of a gang that devised and executed a variety of scams - including business email compromise (BEC), romance scams, working-from-home scams, and more - between December 2011 and January 2017. Read more in my article on the Hot for Security blog.
Malware, disguised as copies of Tor, has stolen approximately US $400,000 worth of cryptocurrency from almost 16,000 users worldwide.
