Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.
Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.
To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.
With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.
Cybersecurity researcher Wladimir Palant analyzed the PDF Toolbox extension (2 million downloads) available from Chrome Web Store and found that it included code that was disguised as a legitimate extension API wrapper.
"TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware's Fae Carlisle said.
"We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly," tweeted Atomic Wallet.
Russia’s telecom giant Rostelecom is planning to provide government officials with mobile phones running on the Aurora operating system — a domestic alternative to Western software.
UL Hospitals Group, responsible for managing six hospitals in the midwest region, announced a data breach resulting in the inadvertent sharing of personal and medical information belonging to over 1,000 patients with an unknown third party.
It was built by The Aerospace Corporation, a federally funded research and development center in southern California, in partnership with the US Space Systems Command and the Air Force Research Laboratory.
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23.
The Los Angeles company, co-founded by cybersecurity veterans from the U.S. government and Amazon, said the seed-stage funding came from multiple investment firms, including MaC Venture Capital, Founders Fund, Village Global, and Countdown Capital.
Swiss police launched an investigation into the cyberattack that hit the Bernese IT company Xplain, which provides its services to several federal and cantonal government departments, the army, customs, and the Federal Office of Police (Fedpol).
At institutions like the University of Texas at Austin, MIT, the University of Georgia, and UC Berkeley, cyber clinics are working to protect local institutions from cyber threats by training and deploying students to government and community groups.
Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub. In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases to 5% of all fraud in Q1 2023.
The attack chain primarily leverages social engineering, banking on Portuguese and Spanish emails containing tax- or traffic violation-themed lures to trigger the infections and gain unauthorized access to victims' systems.
Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting the CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010 vulnerabilities.
A threat actor was discovered promoting a tool called Terminator that can reportedly bypass 24 antivirus, EDR, and XDR solutions. However, CrowdStrike found that it relies on a Bring Your Own Vulnerable Driver (BYOVD) attack. At present, the vulnerable driver used by Terminator is detected by only a single anti-malware engine, according to a VirusTotal scan.
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites.
A new Magecart-style skimming campaign has been spotted in the wild in which threat actors host their malicious code on legitimate sites and, in the next phase of the attack, inject it into e-commerce sites. To make the attack stealthier, the threat actors have Base64-encoded the credit card skimmer to obfuscate it.
Cybersecurity experts are grappling with new strategies that surpass conventional domain-based inspection methods, with a growing focus on exploiting legitimate business tools like SharePoint and other trusted sources to deliver attacks.
The Play ransomware group claimed this week that it attacked the bank and stole an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts, and more.
OpenAI said projects in scope include those that collect and label data from cyber defenders to train defensive cybersecurity agents; detect and mitigate social engineering tactics; automate incident triage; and identify security issues in code.
On Wednesday, the school vice president Jacinda Reitsma said the university had stopped an attempted ransomware attack on May 30 and has been working to limit the impact of the initial breach that preceded the cyberattack.
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel.
The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.
Online sellers are being targeted in a new campaign launched this week to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.
The documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Australian Signals Directorate developed three payloads it could deploy to ISIL fighters' smartphones and PCs "without ISIL having to interact with the device in any way."
Mandiant has attributed the attack to UNC4857, a new threat cluster, and named the delivered webshell LemurLoot. Microsoft, on the other hand, is confident that the threat actor behind the Cl0p ransomware is responsible for the attack.
The database was exposed on May 16, 2023. Researchers identified the exposure on May 25, 2023, and since then, the information has remained exposed. Currently, the server holds over 100,000 customer records, totaling 400 GB in size.
In this paper, the authors present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, is freely available, and adapts to new information.
Ubuntu Security Notice 6138-1 - Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that libssh incorrectly handled verifying data signatures. A remote attacker could possibly use this issue to bypass authorization.
Ubuntu Security Notice 6137-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.
Ubuntu Security Notice 6135-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary ...
Red Hat Security Advisory 2023-3305-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Enrollment System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Red Hat Security Advisory 2023-3303-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.
Total CMS version 1.7.4 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6136-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. It was discovered that FRR incorrectly handled parsing certain BGP ...
Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3361-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Barebones CMS version 2.0.2 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability.
Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Ubuntu Security Notice 6112-2 - USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download ...
Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private ...
WordPress Circle Progress plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
In this Fast Chat segment, Dark Reading's Terry Sweeney and Varonis co-founder and CEO Yaki Faitelson discuss why we’re still seeing internal data breaches.
New AI feature enhances OnDOMAIN's capabilities to secure unknown vulnerabilities and strengthen network security posture.
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report
A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware's Fae Carlisle said. Active since at least 2017, TrueBot is linked to a group known as Silence that's
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps (as seen in figures 1 and 2).
Figure 1. How many organizations have experienced a SaaS security incident within the past two years
The SaaS Security Survey Report: Plans and Priorities for 2024,
Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages their payroll.
Twitter awarded a "gold checkmark" to an unofficial Disney Twitter account that posted racial slurs. Is it any wonder that Twitter's ad sales in the United States have plunged 59% in the past year?