If you ask any infosec expert what causes most incidents, the answer will almost certainly be the human factor. Most attacks on companies succeed because of employees inattention, ignorance and mistakes. At the same time, the human factor is the hardest threat to eliminate, because youre dealing not with obedient show more ...
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that show more ...
The AI industry is pointing to the AI Village at DEF CON as a venue for assessing cybersecurity risk. But is a "village" the best way to test AI risk? Experts have their doubts. The post Is a DEF CON Village the right way to assess AI risk? appeared first on The Security Ledger with Paul F. Roberts. Related show more ...
Threat actors have created over 3,000 domains, some as old as two years, to lure in customers to false, name brand websites for personal financial gain.
While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.
The attack highlights growing interest among threat actors to target data from software-as-a-service providers.
Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect.
Sophisticated attackers are lacing malware into PNG image files in order to steal cryptocurrency and business information.
In a major digital security breach, a website is offering personal data about Turkish citizens, including President Recep Tayyip Erdogan, that appears to have been stolen by hackers from a government services website.
Orange Cyberdefense published its Cy-Xplorer 2023 report noting that cyber extortion groups have shifted their focus from North America and Europe to Latin America. While cyber extortion victims were identified across 96 countries, certain regions witnessed a rise in popularity among threat actors throughout 2022. Cyber extortion is a problem that businesses cannot effectively address in isolation.
A newly discovered multi-stage AitM phishing and BEC attack campaign has been targeting banking and financial organizations. The phishing kit enabled the attackers to send out more than 16,000 emails to a target’s contacts as part of the second-stage phishing campaign. To remediate the issue, it is recommended to reset the passwords for compromised users.
The affected information, the company says, includes names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates, and Social Security numbers.
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what the FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success.
The latest victims to come forward are government organizations: the Illinois Department of Innovation & Technology (DoIT) and the Minnesota Department of Education (MDE).
Britain’s communications regulator Ofcom announced on Monday that confidential information that it held on companies it regulates was downloaded by hackers exploiting a vulnerability in the MOVEit file transfer tool.
Hackers have devised an intricate phishing attack by leveraging the reputation of Germany’s renowned Anga Com conference to send spoofed emails and create deceptive web pages, deceiving unsuspecting users into divulging their login credentials.
Zacks Investment Research (Zacks) has reportedly suffered an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking forum.
The vulnerability, tracked as CVE-2023-27997, concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
The Kaiserslautern University of Applied Sciences (HS Kaiserslautern) has become the latest German-speaking university to be hit by a ransomware attack, following incidents affecting at least half a dozen similar institutions in recent months.
The attack occurred in February 2021 and forced the shutdown of the Spring Valley hospital’s computer network, impacting all web-based operations, including its patient portal. The Peru branch was not affected, as it operated on a separate system.
Cybercriminals have added a new malware loader called DoubleFinger to their arsenal for stealing cryptocurrency and business information. GreetingGhoul comprises two major components that work together to steal cryptocurrency credentials. To protect themselves, organizations must look at the TTPs and IOCs associated with the malware.
Vietnamese public companies have been targeted by the SPECTRALVIPER backdoor in an ongoing campaign. The backdoor, a previously undisclosed x64 variant, offers various capabilities including file manipulation, token impersonation, and PE loading. SPECTRALVIPER can be compiled as an executable or DLL to imitate known binary exports.
Security researchers from Horizon3 have released a proof-of-concept (PoC) exploit code for the CVE-2023-34362 flaw. The experts created the PoC exploit by performing reverse engineering of the patch released by the company.
Researchers warn that tools using the BatCloak component are becoming increasingly popular with adversaries, making the already difficult task of detecting BAT files harder.
As AI models become more sophisticated and firms explore how they can drive efficiencies within business, it is important to ensure that they are used in a way that enhances organizational humanity, rather than replacing it.
The Play ransomware attack suffered by the IT services provider Xplain is worse than initially estimated, the incident also impacted the national railway company of Switzerland (FSS) and the canton of Aargau.
Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA).
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable show more ...
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirect. An remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Ubuntu Security Notice 6158-1 - It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these show more ...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6148-1 - It was discovered that SNI Proxy did not properly handle wildcard backend hosts. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution.
Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.
Ubuntu Security Notice 6155-1 - Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu show more ...
ProLogin version 1.9 suffers from an insecure direct object reference vulnerability.
Piyanas version 0.1 suffers from a cross site request forgery vulnerability.
phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.
EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.
Online Thesis Archiving System version 1.0 suffers from a remote SQL injection vulnerability.
Xoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability.
This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to show more ...
The average cost of a data breach is $4.35 million. Understand the power of public key infrastructure (PKI) and its role in encrypting data and battling breaches.
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could
"Dozens" of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass
Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the "Quantifying the Cost of API Insecurity" report, US
The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at
A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what's an advanced attack targeting users in Europe, the U.S., and Latin America. "DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger's loader stages,"
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety. A recent study by GitGuardian found that 75% of IT
More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys. Read more in my article on the Tripwire State of Security blog.
The UK's broadcasting regulator, Ofcom, has confirmed that it is amongst the organisations whose data has been stolen as a result of the massive MOVEit supply-chain cyber attack. Read more in my article on the Hot for Security blog.
