When deploying and maintaining corporate information security systems, its logical to engage professionals. These experts can be either in-house or external — service providers or developers of the chosen solution. Each of these approaches has its pros and cons. After all, deploying an information security system show more ...
SEO-aided attacks, developer targeting, and malicious use of AI top the list for 2023.
The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets.
CISOs who have survived major cyber incidents recommend letting company ethos guide incident response.
As threat actors around the world grow and evolve, APTs from the DPRK stand out for their spread and variety of targets.
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.
Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications.
Goodbye, Phosphorus! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more?
IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals.
The group has unleashed numerous attacks against the country during the week of Israel's Independence Day.
Google patched a security hole dubbed GhostToken that affects all the users of Google Cloud Platform (GCP). This flaw enables attackers to gain access to user accounts through the installation of malicious OAuth applications obtained from either the Google Marketplace or third-party providers. Criminals can hide malicious apps by abusing this flaw.
A security company reported that BlueNoroff (a subgroup of Lazarus APT) has introduced a new macOS malware strain it is calling RustBucket. The malware allows attackers to download and execute various payloads. For the first-stage infection, the malware arrives packaged as an unsigned application, whereas it show more ...
These HiddenAds applications discovered on the Google Play Store and installed by at least 35 million users worldwide, have been found to send packets stealthily for advertising revenue in bulk.
Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind recent attacks on PaperCut servers and using them to steal corporate data from vulnerable servers.
This threat actor is creating new business profiles, as well as hijacking real, reputable profiles with even millions of followers, and bombards people’s Facebook feeds with malicious click-bates promising adult-rated photo album downloads for free.
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions.
Tracked as CVE-2023-20060, the bug was found in the web-based management interface of Cisco PCD 14 and earlier by Pierre Vivegnis of the NATO Cyber Security Centre (NCSC).
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry-agnostic threat, according to GuidePoint Security.
The city of Lowell is alerting residents to a cyberattack that impacted the municipality's computer systems starting early on Monday. "We realized Monday morning around 3 to 5 AM that there was a breach," said City Manager Tom Golden.
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success.
Scammers had lured a victim from Florida into parting with $480,000 after cultivating a long-term relationship, eventually coaxing him into making cryptocurrency investments.
The Linux flavor is specifically geared to single out ESXi hosts by terminating all virtual machines running on a compromised host prior to commencing the encryption process.
Iranian state-sponsored attacker group Charming Kitten introduced a new malware, named BellaCiao, to target individuals across Europe, the Middle East, the U.S., and India. Bitdefender Labs attached every sample of the malware to a distinct victim, suggesting that the group performed highly personalized attacks.
Cybersecurity researchers will show this week how they seized control of a European Space Agency (ESA) satellite in a demonstration that has been described as the world’s first ethical satellite hacking exercise.
An updated version of PowerLess, a Windows backdoor, has been detected being used by Educated Manticore, a state-sponsored threat actor from Iran, to carry out phishing attacks against Israel. The bait document appears to contain academic information about Iraq from a genuine non-profit organization.
A new macOS information-stealing malware named 'Atomic' (aka 'AMOS') is being sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month.
NCR is making progress restoring services after a ransomware attack led to a data center outage that impacted its Aloha cloud-based services and Counterpoint applications.
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment.
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan.
To trick unsuspecting users into downloading malware onto their systems, threat actors often used the Google advertisements platform to promote fake websites on legit software and application updates.
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics.
Ubuntu Security Notice 6042-1 - James Glovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 6045-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the show more ...
Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.
Ubuntu Security Notice 6044-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the show more ...
MilleGPG5 version 5.9.2 suffers from a local privilege escalation vulnerability due to incorrect access controls.
Ubuntu Security Notice 6017-2 - USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-1948-01 - OpenStack Compute is open source software designed to provision and manage large networks of virtual machines,creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running show more ...
This whitepaper illustrates different machine learning techniques for anomaly detection relating to bank transactions.
Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the show more ...
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can show more ...
ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.
New research from Invicti shows that an increase in security scanning cadence contributes to improved security posture over time.
Compliance acts as primary driver for obtaining cyber insurance, but budget constraints hinder efforts.
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil
Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked show more ...
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The
A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by show more ...
Wednesday was the official Independence Day of Israel, and the event was "celebrated" in typical style by malicious hackers. Read more in my article on the Hot for Security blog.
Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. Read more in my article on the Tripwire State of Security blog.
