Ransomware. Nasty. But how to build defenses against it? Rather – what should be protected first and foremost? Often, Windows workstations, Active Directory servers, and other Microsoft products are the prime candidates. And this approach is usually justified. But we should bear in mind that cybercriminal tactics show more ...
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a show more ...
While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.
The new Security Legal Research Fund and Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy discussions.
Software written or acquired outside of IT's purview is software that IT can't evaluate for security or compliance.
An uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.
Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block in even less time.
The Open Source Security Foundation's SLSA v1.0 release is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.
The medical imaging firm's systems were compromised by a threat actor, exposing patients' driver's licenses and other identifying information.
Cybercriminals have become increasingly adept at designing new phishing tactics. Lately, a scam was found camouflaging as the legitimate Microsoft Teams login with the goal of tricking users into entering their login credentials.
In this attack, end-users get an email with a spoofed Microsoft OneDrive or Sharepoint notification that a file has been shared with them, instructing them to open the file.
A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers.
Security breaches and cyberattacks remain a significant threat for UK businesses, but many smaller firms appear to be prioritizing matters other than cybersecurity, the British government has warned.
EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service.
As cyberattacks increase in frequency and sophistication, SMBs become more vulnerable to cyber threats. Fortunately, several free online cybersecurity resources can help small businesses protect themselves from cyberattacks.
Nurse call systems and infusion pumps have been found to be the riskiest connected medical devices, suggests a new report by asset visibility and cybersecurity company Armis.
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.
On Wednesday, Cisco released fixes for a critical-severity flaw in the web interface of IND that could be exploited remotely to execute commands on the underlying operating system.
Microsoft Word documents (docx) are the most common file format among the samples we analyzed. This suggests that APT43 relies heavily on Microsoft Word documents as a vector for delivering malicious payloads or exploiting vulnerabilities.
Some ISAs include built-in security features to mitigate vulnerabilities and attacks, such as hardware-based encryption, memory protection, and data execution prevention.
These guidelines, developed by a group of agencies—including the U.S. CISA, the ACSC, and the U.K NCSC—aim to help communities transitioning into "smart cities" fortify the digital networks crucial to delivering basic utilities and services.
The data analyzed so far suggests that the threat actor takes advantage of the MitID authentication mechanism in order to redirect the customer to a fake webpage for various malicious actions on target.
This threat had been disclosed to the company that owns the legitimate key last year and the company has taken precautions. The company confirmed that they have replaced the signing key and currently, all their apps are signed with a new singing key.
The court said that the severity of the crime, and the length of time that the highly sensitive data was not adequately protected from falling into the wrong hands, meant that the former CEO "must receive a prison sentence for the act."
RentoMojo sent an email to its subscribers stating that the firm has detected a security breach and wrote, "Recently, our team identified a security breach that involved unauthorized access to one of our databases."
Researchers were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account.
With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt.
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account.
Thursday night, the ABA began notifying members that a hacker was detected on its network on March 17th, 2023, and may have gained access to members' login credentials for a legacy member system decommissioned in 2018.
In November last year, there were 95 disclosed data security incidents that resulted in 32 million breached records in Europe alone. Globally, there is a far worse picture. High-profile organizations like Twitter, Uber, and Twilio were hit last year.
Among the leaked data were bank account details, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification documents, and employees’ and candidates’ CVs.
The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.
The company shipped urgent patches on Thursday to cover critical security defects in the VMware Aria Operations for Logs (formerly vRealize Log Insight) product line and warned of the risk of pre-authentication remote root exploits.
Researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, among others, were compromised.
Debian Linux Security Advisory 5391-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.
Ubuntu Security Notice 6036-1 - It was discovered that PatchELF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information.
Nokia OneNDS 20.9 has loose sudo permissions that can allow users to escalate privileges.
Nokia OneNDS 17 has loose sudo permissions that can allow users to escalate privileges.
Red Hat Security Advisory 2023-1923-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
KODExplorer versions 4.49 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
Ubuntu Security Notice 6035-1 - It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-1919-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.
Chrome has an issue where there is an out-of-bounds string copy that can occur when parsing a uniform sampler name in SpvGetMappedSamplerName.
Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
This python script is a slow brute forcing utility to check passwords against FortiGate appliances. Check the homepage link for more information on how this was used to slowly bypass brute force protections.
Red Hat Security Advisory 2023-1918-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.
Chrome has an issue where the GL_ShaderBinary is exposed to untrusted processes.
Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Chrome suffers from an issue where the traits for media::mojom::VideoFrame do not perform any validation on the stride and offset parameters when deserializing untrusted message data.
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack
Were you a US-based Facebook user between May 24 2007 and December 22 2022? If so, I've got some good news for you. Read more in my article on the Hot for Security blog.
