Researchers at the University of Maryland in the U.S. and Tsinghua University in China have published a scientific paper documenting a new side-channel attack method that exploits a previously unknown hardware vulnerability in Intel processors. Although the vulnerability seems to affect the chipmaker's latest processors, it's most effective in attacking older models that are also exposed to the Meltdown vulnerability. The paper would likely be purely of scientific interest were it not for one aspect: attackers steal sensitive information by changing flag register data.

In English, please

Hardware processor vulnerabilities linked to speculative execution of instructions have been the subject of much research for more than five years. To simplify as much as possible, all the proposed attacks can be summed up as follows: the CPU is somehow forced to read data that the user should not have access to. Imagine this theoretical scenario: the attacker's program doesn't have access to the encryption key used to protect sensitive data. If we instruct the CPU to read the encryption key at a certain address, the instruction simply won't be followed. Help arrives (for the attacker) in the form of speculative execution of instructions, an important feature of modern CPUs that has been around for almost three decades: to speed things up, instead of waiting for one instruction to finish, the processor executes the next one in parallel. If the first instruction checks access rights to sensitive information, it should in theory not allow the following instruction, which reads this information, to execute. But it's too late: the following instruction is already being executed speculatively. Note that we don't yet have access to this data, but the CPU does. In the case of known vulnerabilities such as Spectre, the data is temporarily loaded into the CPU's cache, but it can't be read just like that. However, it can be read through side channels; for example, by repeatedly executing an instruction whose processing time varies depending on the data in the cache. Repeating such an operation many (thousands of!) times allows attackers to recover data just by watching how quickly or slowly some seemingly harmless command is executed. We realize that this simple description still sounds complicated.

The new paper is even more perplexing, especially since the authors decided not to spend time on a detailed description of the attack. The diagram in the paper outlines it in full:

[Figure: Overview of transient execution timing side-channel]

Let's try to figure it out. EFLAGS is a flag register in Intel processors that keeps track of the CPU's operating status. It can store the result of calculations, in particular whether that result is equal to zero (the so-called zero flag, or ZF). Next comes the magic: imagine a colleague of yours thinks of a number from 1 to 10 and is told to keep it to themselves. You keep calling out the numbers 1 through 10 (looking for whatever signs could give your colleague away), but they don't want to share the correct answer with you, and respond each time with the word "chrysanthemum". However, when you utter the correct number, they take a little longer to say "chrysanthemum" than at other times. Something similar happens in this new attack: we perform numerous calculations with sensitive data. All these calculations are done speculatively. The result is written to the ZF flag (equal or not equal to zero). We can't directly know the status of this flag. But then we execute a rather useless JCC instruction (specifically the JZ instruction, jump if zero), which runs a little slower if we guessed right! And it's this measurable delay in the response that constitutes the vulnerability.

Not yet a problem

The most interesting aspect of this attack is that it doesn't work by itself. To ensure that speculative execution of the required instructions is possible, the bad guys need to exploit one more vulnerability. The paper we're discussing uses the Meltdown vulnerability, discovered in 2018, which happily provides access to information that's off-limits to outsiders. As a result, sensitive data was read with 100% reliability on all old CPUs affected by this vulnerability (the study used sixth- and seventh-generation Intel Core i7). Although the experiment failed on tenth-generation CPUs, they too experience some delay when executing a certain instruction from the JCC set.

In reality, even more versatile types of attacks like Spectre, which steal information from the CPU's cache, have a rather narrow application. But at least in their case it was obvious that something had to be done about them: the likelihood of an advanced attack targeting critical data was non-zero. As for the new paper, we're dealing more with an idea that, if it works at all, applies to older Intel processors. But the news itself is significant: there's now a new side-channel mechanism for extracting data using the flag status register. It can't be ruled out that in the future this approach, combined with some other vulnerability, will impact new CPUs as well. Or maybe it will all be resolved before we see a new attack: after all, dependence of instruction execution time on the data is quite a serious issue. There's an entire subdiscipline of cryptography that deals with protecting encryption algorithms from timing attacks. In any case, research into the specifics of modern CPUs is ongoing. Fortunately, executing attacks on hardware vulnerabilities is just as difficult as understanding them. And although we've yet to see anything that could be applied on a massive scale, infosec officers in companies that handle highly sensitive data would be wise to factor in such threats and, at a minimum, monitor their evolution.
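The principle the article closes on, that execution time must not depend on the data being processed, is the same one that constant-time cryptographic code is built around. The following C program is an added illustration of that principle and is not code from the paper or from the article: it compares an early-exit byte comparison (whose work, and therefore timing, depends on the position of the first mismatch) with a constant-time comparison that does the same amount of work for every input. The 16-byte SECRET value and the step counter are constructed for the demonstration; the counter stands in for a cycle measurement so the difference is visible deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16

/* Constructed sample value for the demonstration (not a real key or tag). */
static const uint8_t SECRET[TAG_LEN] = "correct-tag-0123";

/* Early-exit comparison. The number of iterations, and so the running time,
 * depends on where the first mismatching byte sits: the same kind of
 * data-dependent timing the article warns about, just at the software level. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;   /* leaves early: the timing reveals the mismatch position */
    }
    return 1;
}

/* Constant-time comparison. Every byte is visited regardless of content, the
 * differences are OR-accumulated, and the result is derived arithmetically
 * instead of with a data-dependent branch. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    unsigned diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned)(a[i] ^ b[i]);
    }
    /* diff is in 0..255. (diff - 1) >> 8 is non-zero only when diff == 0. */
    return (int)(((diff - 1u) >> 8) & 1u);
}

/* Build a guess that matches SECRET everywhere except at byte position k. */
void make_guess(size_t k, uint8_t out[TAG_LEN])
{
    memcpy(out, SECRET, TAG_LEN);
    out[k] ^= 0x01;
}

int main(void)
{
    uint8_t guess[TAG_LEN];
    size_t leaky_steps, ct_steps;

    printf("mismatch at  leaky steps  constant-time steps\n");
    for (size_t k = 0; k < TAG_LEN; k += 4) {
        make_guess(k, guess);
        leaky_equal(SECRET, guess, TAG_LEN, &leaky_steps);
        ct_equal(SECRET, guess, TAG_LEN, &ct_steps);
        printf("%11zu  %11zu  %19zu\n", k, leaky_steps, ct_steps);
    }
    leaky_equal(SECRET, SECRET, TAG_LEN, &leaky_steps);
    ct_equal(SECRET, SECRET, TAG_LEN, &ct_steps);
    printf("%11s  %11zu  %19zu\n", "(match)", leaky_steps, ct_steps);
    return 0;
}
```

The leaky version's step count climbs with the position of the first wrong byte, which is exactly the "slightly longer chrysanthemum" signal of the analogy; the constant-time version reports the same count for every input, so an observer learns nothing from how long it took.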
As enterprises adopt multicloud, the security picture has gotten foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.
Easy Healthcare will also be required to pay a $100,000 civil penalty for violating HBNR, as well as an additional $100,000 each to Connecticut, the District of Columbia, and Oregon for violating their respective laws.
Federal agencies have stepped up efforts to boost intelligence sharing and build industry resilience amid a wave of increased cyber threats against critical infrastructure providers.
Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.
The LockBit ransomware group on Tuesday published 1.5 terabytes of personal and financial information the group said it stole from Bank Syariah Indonesia after ransom negotiations broke down.
The new quality rating system, the internet giant says, should encourage researchers to provide more details on the identified security defects and should also help address them faster.
Analyzing the info-stealer with a decompiler, researchers noticed a number of interesting function names, including anti-debugging features and stealing data from web browsers, Discord, Steam, and cryptocurrency wallets, among others.
The volume of identity fraud incidents last year barely changed from an all-time high recorded in 2021, with Google Voice accounts the most popular target, according to the Identity Theft Resource Center (ITRC).
Yevgeny Kotikov was found guilty of targeting the information resources of the Russian Ministry of Defence as well as the website of the president, according to state-owned news agency TASS.
In its latest campaign, BatLoader is using MSIX Windows App Installer files to infect devices with Redline Stealer. This is not the first time BatLoader has targeted users searching for AI tools.
UMass Memorial Health has agreed to pay $1.2 million to settle wage and hour claims stemming from a ransomware attack that took down its timekeeping system, according to court documents filed Friday.
“According to our findings, Microsoft Teams is one of the ten most targeted sign-in applications, with nearly 40% of targeted organizations having at least one unauthorized login attempt trying to gain access,” said researchers at Proofpoint.
After BleepingComputer contacted Luxottica about the published data, the firm confirmed that the leaked data came from a security incident that impacted a third-party contractor holding customer data.
The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin had been charged with hacking into the accounts of around 60,000 users of the DraftKings sports betting website in November 2022.
Dunghill sent an email to TechTarget Editorial with a link to a Tor site that allegedly contained 5 TB of sensitive corporate data, including emails, client documents, and the personal data of 10,000 Gentex employees such as Social Security numbers.
In a statement on Thursday to the Regulatory News Service — the formal mechanism for publicly listed companies in the U.K. to communicate to the market — Vesuvius said despite the episode, it had exceeded trading expectations.
The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down.
EyeMed Vision Care, a major eye insurance provider, will pay a fine of $2.5 million after settling a lawsuit from four states about a 2020 data breach that exposed the personal information of about 2.1 million people.
About $4.8 million of those costs were related to continuing operations. The attack had a limited overall impact on its operations, with the main disruption occurring in its fresh vegetables and Chilean business.
A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees.
Offered under a malware-as-a-service (MaaS) model since 2018, Golden Chickens has been used by the Russia-based Cobalt Group and FIN6 cybercrime rings to target organizations in various industries, causing financial losses of more than $1.4 billion.
Accenture has made a strategic investment, through Accenture Ventures, in SpiderOak, a Reston, Virginia-based leader in zero-trust cybersecurity and resiliency solutions for next-generation space systems. The amount of the deal was not disclosed.
A newly discovered campaign related to the Bad Magic APT involved use of a modular framework dubbed CloudWizard. Its features include taking screenshots, microphone recording, keylogging, and more.
Secure remote access is essential for industrial organizations, but many employees who took part in a recent survey by Cyolo expressed concerns about the associated risks.
Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.
Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6091-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-3229-01 - An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6090-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6089-1 - It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3195-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, information leakage, and insecure permissions vulnerabilities.
85% of AppSec pros say ability to differentiate between real risks and noise is critical, yet only 38% can do so today; mature DevOps organizations cite widespread impact due to lack of cloud-native tools
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with
Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps (i.e., users interface with ChatGPT via their web interface while Midjourney uses Discord)," eSentire
Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measures beyond checking for a password and username match, AD (as well as the resources it manages) is
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke
A joint alert has been issued by US government agencies, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks.