VPNs are becoming more and more popular: a secure, encrypted connection is needed these days not only by travelers, but also gamers, streamers, crypto investors and even fans of foreign TV shows. And that's why the VPN industry is developing rapidly. But did you know that just by updating your VPN application and configuring it a bit you can significantly increase the speed, convenience and security of your connection? You will after reading this post!

New protocols

When you turn on a VPN connection you establish an encrypted connection to one of the VPN provider's servers. This is done to change your public IP address and to protect your connection from prying eyes on the local network. For many years, all VPN services offered a choice between the old and not very secure PPTP and L2TP communication protocols, and the newer yet slower OpenVPN protocol — which is more secure in terms of encryption. But recently some new VPN protocols have appeared. For example, there's the Catapult Hydra protocol used in Kaspersky VPN Secure Connection. It's the record holder for speed, and thanks to this protocol our VPN recently won a comparative test of leading VPN solutions. Due to the proprietary nature of the Catapult Hydra protocol, security researchers have raised questions about its security and privacy. However, a recent independent audit of the Catapult Hydra source code found no critical vulnerabilities.

Another popular protocol to look out for is WireGuard. It's also faster (much more so than OpenVPN) at transferring data, has minimal latency, and provides an instant connection. At the same time, its source code is open, so it can be found in many VPN services, including Kaspersky VPN Secure Connection.

What to do: update the application and select the correct protocol in the VPN client settings on each device. Speeds in descending order go like this: Catapult Hydra, WireGuard, OpenVPN. Other protocols don't provide sufficient security — especially for financial transactions.

Optimal servers

The key thing to look out for when choosing a VPN service is the number of servers it has and their location. The more servers — the greater the chance of a good connection.

It's logical to choose a server based on your needs: either as close as possible to your actual geographical location, or located in the region whose websites you plan to visit. So, if you're using a VPN for safe gaming, you should choose a VPN server in the same country where the game servers are located — this will ensure a faster, more stable connection. When watching foreign media content, servers located in the country where the content is streamed also tend to provide a more stable connection. Sometimes municipal or government services aren't available from abroad for various reasons. In this case, the right VPN server helps residents of the city, or citizens of the country, get the information they need while away from home.

Sometimes the nearest server is overloaded and its connection speed drops as a consequence. In this case it's worth trying other servers in the same region. By the way, Kaspersky VPN outperforms most competitors not only in terms of speed, but also in terms of the number of available servers: 99 locations in 80 countries, with more than 2000 servers deployed.

What to do: update the application regularly and check for an updated list of servers. Choose the best VPN server for your tasks, taking into account the geographical proximity to the required online services.

Fully up-to-date, Kaspersky VPN Secure Connection has just under a hundred server locations around the world, and also features a convenient dark theme.

Protecting all devices and the entire network

Every VPN service has clients for Windows, iOS and Android, but software manufacturers sometimes ignore Mac computers. However, there is an effective solution not only for Macs, but also for Smart TVs, game consoles, and smart-home devices that don't support VPNs themselves. This is a VPN security setting on your router that allows you to route all traffic from any device on your home network through the VPN.

Of course, our VPN can work on a router — and it has a native Mac version as well.

What to do: make sure that all your devices are running through a VPN, especially those which you use to conduct financial transactions.

Advanced settings

At first, almost all VPN applications worked on the principle of a simple switch: turn on/turn off. But in real life this isn't always convenient. For example, a smartphone owner wants to always protect a crypto wallet application with a VPN, and doesn't want to work with finances through an unencrypted connection; meanwhile, some online stores require that the VPN be turned off. Some people may also need to ensure that not a single byte goes into the network without encryption. Therefore, modern VPN applications offer settings such as Split Tunneling and a Kill Switch.

Split Tunneling lets you choose applications that always work through the VPN, or, conversely, without it. It's convenient, for example, to use two different browsers: one that provides access to sites through the VPN, and the other directly.

The Kill Switch, on the other hand, prevents any data from being sent if the VPN connection is unexpectedly interrupted — say, when the device connects to another network. This can happen, for example, when your smartphone automatically switches from cellular data to known Wi-Fi networks. Kaspersky VPN Secure Connection supports both features.

Kaspersky VPN Secure Connection settings for Android.

What to do: configure the VPN individually for those applications that need it, or, conversely, disable the VPN for certain applications. Use different browsers to simultaneously access sites with and without a VPN protocol. If protecting your traffic is essential, enable the Kill Switch.
In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data.
The homepage of a widely used Dark Web forum for stolen cookies and other compromised data has been replaced by a seizure notice by the US federal law enforcement agency.
As both digital protection strategies and digital attacks become more sophisticated, organizations that know the terrain have a better chance of navigating it.
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
Security issues in Realtek and Cacti are being exploited to distribute ShellBot and Moobot malware, revealed FortiGuard Labs. The Realtek bug, CVE-2021-35394, is an arbitrary command injection bug that affects UDPServer. CVE-2022-46169, the Cacti bug, is a command injection flaw that enables an unauthenticated user to execute arbitrary code on the vulnerable server.
AlienFox is a new modular toolkit that enables attackers to scan for misconfigured servers to pilfer authentication keys and credentials for cloud-based email services. SentinelLabs discovered three variants of AlienFox containing scripts that automate malicious operations using the stolen credentials.
Cybercriminals associated with TACTICAL#OCTOPUS were spotted distributing tax-related email lures to spread malware. Security analysts at Securonix revealed that attackers are using authentic W-2 tax documents, I-9 forms, and real estate purchase contracts as bait.
The new financing round was led by San Francisco-based venture capital outfit SignalFire. The company said it also took in investments from Ten Eleven Ventures and prominent security executives Kevin Mandia and Jack Huffard.
The bug, tracked as CVE-2023-1707, affects about 50 HP Enterprise LaserJet and HP LaserJet Managed Printers models. It has a severity score of 9.1 out of 10 on the CVSS v3.1 standard and exploiting it could potentially lead to information disclosure.
Cybersecurity startups face rising pressures during this economic uncertainty, but strategic investors can help them succeed in providing tech that defends against cyberattacks.
Security researcher Jeremiah Fowler found 600,000 “customer support attachments” related to website Z2U, which included images of individuals holding credit cards, passports and other ID documents.
Netscout also pointed to a notable 18% increase in direct-path attacks over the past three years, corresponding to a drop in reflection or amplification attacks of about the same percentage.
Many organizations still operate these functions separately, leading to slower response times, budgeting challenges, duplicated resource allocations, and an overall weaker security and business continuity posture.
The CEO of VoIP software provider 3CX said his team tested its products in response to alerts notifying it of a supply chain attack, and assessed reports that its client code was infested with malware were a false positive.
The phishing messages typically claim that there is a problem with your Disney account, such as a billing issue, and that you need to update your account information to resolve the problem.
Scammers are posing as buyers and sending fraudulent messages to sellers, reserving products for sale and then immediately canceling them. They then send messages to request the personal information of the sellers.
In recent news, a hacking group with alleged Turkish origins has surfaced, claiming to target banks, servers, government agencies, and facilities. Most of their attacks, which have been reported on Twitter, appear to be defacement attacks.
In their disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share information about visitors to their websites with tech giants and are often used for analytics and advertising.
Typhon Reborn V2 includes significant updates to its codebase and improved capabilities. The new version features additional anti-analysis and anti-virtual machine (VM) capabilities to evade detection and make analysis more difficult.
Trace3’s acquisition of Set Solutions is a continuation of the company’s strategic expansion plan. The investment allows the combined companies to deepen cybersecurity capabilities to drive success for commercial and enterprise clients.
Security experts have urged the npm registry to deploy anti-bot technology after revealing that the open-source repository has suffered intermittent denial of service (DoS) outages over the past month.
The Series A funding is being led by GV (Google Ventures), with participation from Decibel and several angels, including Dug Song, former CEO at Duo Security, and Tray.io CEO Rich Waldron.
Instead of the typical cryptojacking or backdoor payload, the attacker installed an agent that turned the compromised account into a proxy server, allowing the attacker to sell the IP to a proxyware service and collect the profit.
A security researcher found a series of vulnerabilities with the Nexx brand of smart garage openers. He says he could remotely find garages to target, and then open them across the internet.
Tallahassee Memorial HealthCare says its investigation into the February incident determined that an "unauthorized person" had gained access to its computer network and obtained certain files from its systems between January 26 and February 2.
The STYX marketplace was launched at the beginning of 2023. This discovery illustrates the post-pandemic menace of cyber-enabled financial crime and the threat it poses to financial institutions and their customers.
The hacker is considered to be responsible for multiple high-profile cyberattacks and for creating a search engine called Udyat (the eye of Horus) dedicated to selling stolen sensitive information in large numbers.
The FBI-led effort known as “Operation Cookie Monster” took down a notorious cybercrime marketplace known for selling compromised credentials and biometric data for digital fraudsters to carry out attacks or commit identity theft.
TAFE South Australia has revealed a data breach that was discovered when SA Police seized “devices containing electronic scanned copies of TAFE SA student identification forms”.
A security vulnerability in the Elementor Pro website builder plugin for WordPress is under active exploitation by a threat actor. An authenticated user can take advantage of this to take full control over a WordPress site having WooCommerce enabled. The bug in the plugin, roughly deployed on over 12 million sites, impacts versions 3.11.6 and earlier.
Researchers at Sysdig highlight that the new Proxyjacking attack, which is much like cryptojacking, is abusing the infamous Log4j vulnerability to gain initial access to victims’ systems. On a broader scale, researchers note that a modest compromise of 100 IPs can enable attackers to make a profit of nearly $1,000 per month.
A new ransomware strain, named Rorschach, was unveiled by Check Point Research. The ransomware boasts an advanced level of customization and fast encryption, which sets it apart from other strains. Furthermore, an in-depth examination of Rorschach's source code indicates similarities with the Babuk ransomware family. Its attacks have been reported in Asia, Europe, and the Middle East.
Ubuntu Security Notice 5999-1 - It was discovered that trim-newlines incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5997-1 - It was discovered that IPMItool was not properly checking the data received from a remote LAN party. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution.
Red Hat Security Advisory 2023-1661-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service, information leakage, and traversal vulnerabilities.
Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1662-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-1630-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-1504-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.34.
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Ubuntu Security Notice 5855-3 - USN-5855-2 fixed vulnerabilities in ImageMagick. Unfortunately an additional mitigation caused a regression. This update fixes the problem. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.
Red Hat Security Advisory 2023-1590-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.
The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis. The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 for a lifetime subscription. "The stealer can harvest and exfiltrate
An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software to display the file contents. It achieves this by including a decompressor stub, a piece of code
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant
Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions. Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that.
Portuguese users are being targeted by a new malware codenamed CryptoClippy that's capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for "WhatsApp web" to rogue domains hosting the malware, Palo Alto Networks Unit 42 said in a new report published today. CryptoClippy, a C-based executable, is a type