For the 297th edition of the Transatlantic Cable Podcast, Ahmed and I discuss a lot of stories that center around the hottest topic on the social web – AI. Our first story takes a look at how a company is now offering Deep Fakes for under $200… we opine about what could go wrong. From there, we jump over to recent show more ...
Not so long ago, the IT-security media space was once again full of cheery reports that Microsoft was finally burying Internet Explorer (IE). Lets recap the long story of how the once most-popular browser in the world was gradually disconnected from its life-support systems, and investigate whether its finally time to show more ...
The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov‘s card-checking service made show more ...
Sweeping changes implemented since the May 2021 cyberattack are helping — but more work remains to be done, security experts say.
One way to hide malicious activity is to make it look benign by blending in with regular traffic passing through content delivery networks (CDNs) and cloud service providers, according to a Netskope report.
As browsers become the center of many workers' days, isolation technologies shift to protecting the extended enterprise.
Being able to trace an incident backwards from breach to data source is vital in restoring and improving cybersecurity.
The Biden administration outlined its plans to ensure responsible AI development — cyber-risk is a core element.
Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.
Tell other CISO's "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.
The online fraud prevention industry has taken the brunt of increased privacy actions.
One year after Apple, Google and Microsoft pledged to support the FIDO Alliance’s passkeys standard, support is growing, though still early in adoption.
A new report by Cofense revealed that the volume of malicious campaigns utilizing Telegram bots in Q1 2023 exceeded that of Q4 2022 by 397% and surpassed the entire volume of 2022 by 310%. Additionally, YouTube was listed in the top 10 domains being used by threat actors to launch redirect phishing attacks.
A group of advanced persistent hackers, who go by the alias Dragon Breath, has adopted a new strategy of utilizing multiple sophisticated versions of the conventional DLL sideloading method to avoid detection. Its attack strategy involves using an initial vector that exploits a legitimate application, often Telegram, to sideload a second-stage payload, which may also be benign.
Digital risks confronting organizations remain the same year after year, and the threat and potential damage awaiting unsuspecting victims are abundantly clear. Yet, many organizations still struggle to address the fundamentals of cybersecurity.
In the multi-stage attack chain for IcedID, phishing emails, fake Zoom installers, malicious .one files, and malvertising campaigns are all plausible infection methods that can ultimately direct victims toward websites hosting malicious payloads.
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
Kaspersky reveals that Fleckpe is the newest addition to the realm of malware that generates unauthorized charges by subscribing users to premium services, joining the ranks of other malicious Android malware, such as Jocker and Harly.
The company intends to use the funds to support its strategic objectives, including acquiring Proxios, which expands its physical presence in the mid-Atlantic states, while broadening its client base in the healthcare, legal, and non-profit sectors.
The leaks of classified documents online by a Massachusetts Air National Guard member have had an emotional impact on the government agencies that produce those products, the director of national intelligence told Congress on Thursday.
Most global organizations anticipate suffering a data breach or cyber-attack in the next 12 months, despite cyber-risk levels falling overall, according to a new report from Trend Micro.
According to a CyberRisk Alliance Business Intelligence survey, nearly three-quarters (73%) of respondents say their organization has an incident response playbook to guide decision-making during a cybersecurity incident.
Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019.
A vulnerability in OpenAI’s account validation process allowed anyone to obtain virtually unlimited free credit for the company’s services by registering new accounts using the same phone number, application security firm Checkmarx says.
Joe Sullivan won't serve any serious time behind bars for his role in covering up Uber's 2016 computer security breach and trying to pass off a ransom payment as a bug bounty.
The latest Android updates patch more than 40 security vulnerabilities in the Framework, System, Kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.
The vulnerability, tracked as CVE-2023-28489, impacts the CPCI85 firmware of Sicam A8000 CP-8031 and CP-8050 products, and it can be exploited by an unauthenticated attacker for remote code execution.
ScarCruft, a North Korean threat group, has been attempting to deliver the RokRAT malware since July 2022 using oversized LNK files. The malware is capable of targeting macOS (CloudMensis) and Android (RambleOn). The malware variants are equipped to carry out a range of activities such as credential theft, data exfiltration, command and shellcode execution, file and directory management, and more.
After more than six months of no activity, Chinese state-sponsored threat group Earth Longzhi is back with new tricks up its sleeves in a new series of attacks. The attackers aim at IIS and Microsoft Exchange servers exposed to the internet to get access to the networks to install the Behinder web shell. Protection against such threats demands a proactive defense strategy.
SentinelLabs has observed ongoing attacks from Kimsuky, a North Korean state-sponsored APT that has a long history of targeting organizations across Asia, North America, and Europe.
“This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware,” Cisco’s security advisory explains.
Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).
“Access to the site has been disrupted since this morning,” the upper house of Parliament said on Twitter shortly before midday, saying a team was busy fixing the problem.
Three security vulnerabilities in the Azure API Management service could be exploited to perform various types of malicious actions, cloud security company Ermetic reveals.
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework.
Fortinet this week announced its monthly set of security updates that address nine vulnerabilities in multiple products, including two high-severity bugs in FortiADC, FortiOS, and FortiProxy.
Debian Linux Security Advisory 5399-1 - Several vulnerabilities were discovered in odoo, a suite of web based open source business apps.
Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where recovery actions are not adequately logged.
Online Pizza Ordering System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
Ubuntu Security Notice 6058-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges.
Codigo Markdown Editor version 1.0.1 suffers from an arbitrary code execution vulnerability.
Debian Linux Security Advisory 5398-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
wfc-pkt-router suffers from a vulnerability where it can wrongly bind to an external network interface instead of the VPN tunnel.
There is an integer overflow in Shannon Baseband leading to a heap buffer overflow when reassembling IPv4 fragments. According to the debug strings, this corresponding functionality is implemented in SmdtIp4Rx::ProcessFragments function and its callees.
Ubuntu Security Notice 6057-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux show more ...
UliCMS version 2023-1 Sniffing-Vicuna suffers from a remote shell upload vulnerability.
UliCMS version 2023-1 Sniffing-Vicuna suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2023-2137-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
File Thingie version 2.5.7 remote shell upload exploit. This exploit is based on the vulnerability priorly discovered by Cakes in September of 2019.
Red Hat Security Advisory 2023-2136-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.
Debian Linux Security Advisory 5396-2 - The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue.
Pluck CMS version 4.7.18 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 6056-1 - It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or expose sensitive information.
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Apple Security Advisory 2023-05-03-1 - AirPods Firmware Update 5E133 and Beats Firmware Update 5B66 address bluetooth authentication vulnerabilities.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
EasyPHP Webserver version 14.1 suffers from remote code execution and path traversal vulnerabilities.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Strategic investment builds upon long-standing partnership and reinforces Databricks’ commitment to Immuta as its trusted partner for data security.
Discover how unifying XDR and SIEM in a single platform provides comprehensive protection against modern threats.
Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores.
KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.
Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming. The product in question makes it possible
A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down. The operation primarily targeted users
Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and transferring
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel
Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete visibility
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their show more ...
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in
Cinema chain Odeon may have shared more information than it intended in the release notes accompanying its latest iOS app update.
Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks.
