By 2030, the number of connected devices in the world is expected to reach 24 billion. This statistic includes a multitude of household systems and accessories: smart watches, fitness bands, speakers with intellectual voice assistants, and all the devices they control. It also covers smart ATMs, POS terminals, video show more ...
Supplementing staff by hiring hackers to seek holes in a company's defense makes economic sense in a downturn. Could they be cybersecurity's unlikely heroes in a recession?
Relatively few organizations have the resources for security programs and security professionals, so the US cyber agency is putting programs in place to help them, while striving to understand the scope of the problem itself.
Field programmable gate arrays are particularly useful for organizations that are embracing new edge computing devices and applications.
New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.
Attackers compromised the personal email of a new employee and, when the initial attack failed, attempted through socially engineered messages to get the company to pay them off.
RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.
Two years ago, a popular ransomware-as-a-service group's source code got leaked. Now other ransomware groups are using it for their own purposes.
Boards love to say they have low risk tolerance, but are they willing to make the expensive and painful decisions to make it truly happen?
Company executives at Google I/O described tools such as About This Image, Safe Browsing API, and others to help keep users safe online.
Data on more than 830K people exposed in the 2021 cyberattack.
Corgan got FBI involved to track down the cybercriminal, who had stolen from other artists as well, he said.
The National Gallery of Canada first discovered the attack on April 23 and attempted to isolate the affected networks while hiring a cybersecurity company to conduct a forensic investigation.
Another ransomware operation has been unveiled called Cactus. Operating since at least March 2023, its unique feature is to encrypt itself to stay under the radar. The malware strain exploits known vulnerabilities in Fortinet VPN appliances. Organizations are urged to adopt a proactive defense strategy that includes applying the latest software updates.
According to CyberArk, which developed and published the 'White Phoenix' encryptor, this tactic introduces weaknesses to the encryption, as leaving parts of the original files unencrypted creates the potential for free data recovery.
Researchers have identified a fraudulent website designed to deceive users by posing as the popular Russian platform CryptoPro CSP. Attackers drop DarkWatchman RAT during the attack to steal data. This innovative tactic places it in the category of fileless malware and indicates that the operators are highly sophisticated.
MalwareHunterTeam took the wraps off of the Akira ransomware group that has been penetrating corporate networks globally and subsequently asking for up to millions of dollars in ransom payments. For those not willing to pay for decryptors, criminals suggest reducing the ransom amount just to avoid data leaks. The malware first surfaced in March.
Threat actors encrypted data in three in four ransomware attacks last year, the highest rate of data encryption linked to ransomware in at least four years, according to research Sophos released Wednesday.
A possibly Russian state hacking group has been deploying a novel backdoor against international governmental targets located in Kazakhstan and Afghanistan, reports Bitdefender.
DEF CON’s AI Village will host the first public assessment of large language models (LLMs) at the 31st edition of the hacker convention this August, aimed at finding bugs in and uncovering the potential for misuse of AI models.
A variety of different threats come in on a daily basis, but the U.S. needs to be able to build a system that can withstand malicious activity regardless of where the threat is coming from, according to Acting National Cyber Director Kemba Walden.
Push protection stops the leaking of secrets by scanning a code commit before it gets pushed. Developers get alerted directly in their integrated development environment (IDE) or command line interface (CLI).
The industrial cybersecurity vendor said a known ransomware group breached its defenses and accessed threat intel reports, a SharePoint portal, and a customer support system but ultimately failed in an elaborate extortion scheme.
Asked about the Board and C-Suite‘s understanding of cybersecurity across the organization, only 39% of respondents think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to Delinea.
A couple of Iranian state-sponsored groups were observed targeting a recently patched flaw in PaperCut MF/NG print management solutions. According to Microsoft, Mint Sandstorm and Mango Sandstorm modified their arsenal in accordance with publicly available PoC exploit codes. It is recommended defenders upgrade their PaperCut MF and PaperCut NG software to versions 20.1.7, 21.2.11, and 22.0.9 or newer, asap.
Ransomware remains one of the biggest cyber threats for private organizations and governments. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands.
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems.
The number of ransomware claims filed by U.S. clients of insurance broker Marsh spiked 77% in the first quarter of the year compared with the prior three-month period, the company told CFO Dive.
While looking for activities from the usual suspects, one of our former coworkers at Malwarebytes Threat Intelligence Team discovered a new interesting lure that targeted the Eastern Ukraine region and reported that finding to the public.
The convenience of using QR codes is being abused by cybercriminals who are creating fraudulent QR codes for survey forms or parking ticket payment portals to rob users of their money and credentials. Follow the FBI’s advisory to avoid falling victim to such scams.
Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. Using commonly available tools allows attackers to evade detection.
Wired and wireless networking equipment maker Ruckus was targeted by a DDoS botnet threat named AndoryuBot that has been exploiting a recently patched bug in Ruckus access points (APs). Upon infection, the botnet rapidly propagates and initiates communication with its command-and-control (C2) server using the SOCKS protocol.
The new funding, the company says, will enable it to expand its employee base and accelerate the development of privacy solutions, such as a cross-chain messaging system.
To use Greatness, affiliates must deploy and configure a provided phishing kit with an API key that allows even unskilled threat actors to easily take advantage of the service’s more advanced features.
About 24,000 customers of broadband service provider WhizComms, or roughly half its customer base, had their personal information stolen by an external party in a data breach incident detected on April 21.
Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022.
The Korean National Police Agency (KNPA) warned that North Korean hackers had breached the network of one of the country's largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details.
The Huron-Superior Catholic District School Board has sent letters to students and former students informing them their personal information was compromised in a cyber attack that was first announced on December 15, 2022.
The confidential drug and alcohol test results of graduate paramedics were available for every Ambulance Victoria staff member to view under a significant breach that is set to be reported to the state’s privacy watchdog.
Under the terms of the Arrangement Agreement, Absolute shareholders will receive $11.50 per Common Share in cash on completion of the Acquisition, corresponding to an enterprise value of approximately $870 million, inclusive of the debt.
Debian Linux Security Advisory 5400-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or permission request bypass.
HouseKit version 1.0 suffers from a cross site scripting vulnerability.
HouseKit version 1.0 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 6072-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the show more ...
The Windows kernel suffers from out-of-bounds read vulnerabilities when operating on invalid registry paths in CmpDoReDoCreateKey / CmpDoReOpenTransKey.
Red Hat Security Advisory 2023-2728-01 - The Red Hat OpenShift Distributed Tracing 2.8 container images have been updated. CVE-2022-41717 was fixed as part of this release. Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements.
The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files.
Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the show more ...
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection (SSTI) vulnerability (CVE-2022-43769) that can be chained together to achieve unauthenticated code execution as the show more ...
There is a heap buffer overflow in Shannon Baseband when processing the Retry-After header in the SIP protocol decoder (IMSPL_SipRetryAfter.c according to the debug strings in the firmware image).
Ubuntu Security Notice 6070-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the show more ...
There is a stack buffer overflow in Shannon Baseband when processing the Min-SE header in the SIP protocol decoder (IMSPL_SipMinSE.c according to the debug strings in the firmware image).
There is a negative-size memcpy (heap overflow) when decoding the body of SIP multipart messages. According to debug strings in the modem image, this functionality is implemented in IMSPL_SipFragDecode.
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6069-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed.
There is a stack buffer overflow in Shannon Baseband when processing the Session-Expires header in the SIP protocol decoder (IMSPL_SipDecode.c according to the debug strings in the firmware image).
There is a stack buffer overflow in Shannon Baseband when processing the status line of a SIP message (this happens in IMSPL_SipStatusLine.c according to the debug strings in the firmware image).
There is a stack buffer overflow in Shannon Baseband when processing the Via header in the SIP protocol decoder (IMSPL_SipDecode.c according to the debug strings in the firmware image).
GaanaGawaana version 1.0 suffers from a remote SQL injection vulnerability.
GaanaGawaana version 1.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-2710-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You show more ...
In Windows Registry, security descriptors are shared by multiple keys, and thus reference counted via the _CM_KEY_SECURITY.ReferenceCount field. It is critical for system security that the kernel correctly keeps track of the references, so that the sum of the ReferenceCount fields is equal to the number of keys in the show more ...
There is a stack buffer overflow in Shannon Baseband in the SIP URI decoder. According to the debug strings present in the firmware image, this decoder corresponds to IMSPL_SipUri.c.
Red Hat Security Advisory 2023-2713-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 serves as a replacement for Red Hat show more ...
Red Hat Security Advisory 2023-2029-01 - The OpenShift Security Profiles Operator v0.7.0 is now available. Issues addressed include a denial of service vulnerability.
The 2023 AT&T Cybersecurity Insights Report examines how edge use cases are evolving, how organizations are changing to deliver better business outcomes through digital first experiences, and how an integrated ecosystem can work together to put security at the core of edge computing.
New data shows cyberattacks targeting software supply chains will cost the global economy $80.6 billion annually by 2026.
Watch News Desk interviews with Dark Reading and cybersecurity leaders as they discuss trends and industry drivers druing RSA Conference 2023 in San Francisco.
Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existing direct messages on users' inboxes. Encrypted chats carry a lock icon badge to visually
GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it's also extending push protection to all public repositories at no extra cost. The
A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated remote code execution and a complete compromise of wireless Access Point (AP) equipment. Andoryu was
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems. "These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report
According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite of comprehensive offensive security solutions. Recognition from global analysts has officially put
A previously undetected advanced persistent threat (APT) actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums," Malwarebytes disclosed in a report published today. "Depending on the campaign,
The National Police of Spain said it arrested 40 individuals for their alleged involvement in an organized crime gang called Trinitarians. Among those apprehended include two hackers who carried out bank scams through phishing and smishing techniques and 15 other members of the crime syndicate, who have all been charged with a number of offenses such as bank fraud, forging documents, identity
Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack, and how might hackers target Eurovision? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by show more ...
Akira is a new family of ransomware, first used in cybercrime attacks in March 2023. Read more about the threat in my article on the Tripwire State of Security blog.
