Episode 302 of the Transatlantic Cable kicks off with discussions around the Clop ransomware gang issuing ultimatums to affected businesses. From there the team look at how ChatGPT is being used to create mutating malware which is capable of evading EDR; how a newly discovered malware dubbed DoubleFinger is being show more ...
The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security show more ...
A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.
It's easy to find free training in cybersecurity, but is free the best option for entering the field?
The academy is meant to ensure a safe and strong telecommunication service and information technologies for Angola's citizens, the president said.
Attackers continue to attempt to steal Bitcoin and other virtual coins, with a 40% increase in phishing attacks and fourfold increase in incidents.
A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.
NetSecOpen recently released a new draft of its testing and benchmarking guide, which could be adopted later this year.
Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction.
A new version of the infamous browser extension is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms.
Organizations that remain compliant with data-sovereignty regulations while enabling cross-border data sharing gain significant competitive advantage because they can make quick, agile, and informed decisions.
What makes the CVE-2023-32019 patch stand out from other security updates issued as part of the June 2023 Patch Tuesday is that it's disabled by default, even after applying this week's updates.
Threat actors continued to evolve their tactics to sidestep user defenses in 2022, with multi-factor authentication (MFA) bypass kits accounting for millions of phishing messages, according to Proofpoint.
At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.
A phishing operation was discovered impersonating WannaCry ransomware (WannaCry 3.0) and targeting Russian-speaking gamers. The phishing page mimics the official Enlisted Game website to spread infection. The ransomware is in fact a customized edition of an open-source ransomware tool called Crypter. This variant was specifically developed for Windows systems and was written in Python.
HP's analysts report that in the campaign that started in March 2023, ChromeLoader is distributed via a network of malicious websites that promise free downloads of copyrighted music, movies, or video games.
The tension between difficult economic conditions and the pace of technology innovation, including the evolution of AI, is influencing the growth of identity-led cybersecurity exposure, according to CyberArk.
The ransomware bundled with the game installer pretends to be the third major version of the notorious WannaCry, even using the '.wncry' file extension on encrypted files.
The seed funding was led by global cybersecurity specialist investor Ten Eleven Ventures. “Our unique ability lies in knowing the attacker’s TTPs – what they are doing to prepare for an attack or campaign,” said Ken Bagnall, CEO of Silent Push.
The flaws, which exploited a weakness in the postMessage iframe, could have exposed Azure users to potential security breaches. The vulnerabilities were found in Azure Bastion and Azure Container Registry.
The Earth Preta APT group has expanded its targets to different regions and is using new arrival vectors such as MIROGO and QMAGENT. TONEDROP is a new dropper used by the group that drops the TONEINS and TONESHELL pieces of malware.
Skuld, which shares overlaps with publicly available stealers like Creal Stealer, Luna Grabber, and BlackCap Grabber, is the handiwork of a developer who goes by the online alias Deathined on platforms like GitHub, Twitter, Reddit, and Tumblr.
The ‘low and minimal risk’ AI tools will not be regulated, while the ‘limited risk’ ones will need to be transparent. The ‘high-risk’ AI practices, however, will be strictly regulated.
The notorious hacking group ShinyHunters, who has been responsible for numerous massive data leaks in the past, has assumed control of the revived platform, raising alarm among cybersecurity experts and law enforcement agencies worldwide.
Hackers hit the e-commerce industry with 14 billion attacks in 15 months, pushing it to the top of the list of targets for web application and API exploits, according to a new report by Akamai.
The Chinese threat group 'ChamelGang' infects Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers.
The use of MFA has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to Okta.
The computing giant dubbed the threat actor Cadet Blizzard and said it's distinct from other well-known Russian military intelligence hacking groups, such as Sandworm and APT28, which is also known as Fancy Bear.
Bipartisan legislation proposing to help rural hospitals better address cybersecurity personnel shortages cleared a Senate committee Wednesday amid signs of a deepening ransomware crisis affecting hospitals serving areas with low population density.
The US CISA, UK NCSC, and their Australian, New Zealand, Canadian, French, and German equivalents penned the document after warning of the continued threat posed by the collective.
The Swedish Authority for Privacy Protection, or IMY, on Tuesday, imposed a fine of 58 million Swedish kroner (~$5.4 million) in a statement saying Spotify should be more specific about how and for which purposes it collects individuals' data.
North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large-scale phishing attempt, Seoul's National Intelligence Service (NIS) said on Wednesday.
The new Chrome 114 update that resolves five vulnerabilities, including four critical- and high-severity bugs reported by external researchers. The most important of these is CVE-2023-3214, a critical use-after-free flaw in Autofill payments.
The BingeChat campaign is ongoing and the spyware can exfiltrate WhatsApp backups and receive commands to delete files. The actor behind GravityRAT remains unknown, and the group is tracked internally as SpaceCobra.
The U.S. military has rearranged a years-long effort to expand the "action arm" of its top cyber forces, according to multiple sources, as leaders try to balance fighting advanced foreign threats like China with maintaining basic readiness.
SeroXen malware uses advanced, fully undetectable (FUD) techniques to infect victims with hVNC-capable malware. The malware uses highly obfuscated batch files as the loading mechanism, utilizing the BatCloak obfuscation engine.
Red Hat Security Advisory 2023-3540-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux show more ...
Red Hat Security Advisory 2023-3567-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
Red Hat Security Advisory 2023-3560-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR.
Purle Devloper Panel version 1.0 suffers from an insecure direct object reference vulnerability that allows an unauthenticated user to update passwords.
Ptclab version 3.5 appears to leave default credentials installed after installation.
phpFK version 8.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-3536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.3.
Red Hat Security Advisory 2023-3566-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
Red Hat Security Advisory 2023-3559-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
PyLoad version 0.5.0 suffers from an unauthenticated remote code execution vulnerability.
projectSend version r1605 suffers from a CSV injection vulnerability.
projectSend version r1605 suffers from a persistent cross site scripting vulnerability.
Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.
The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.
Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That's according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC
Microsoft on Wednesday took the lid off a "novel and distinct Russian threat actor," which it said is linked to the General Staff Main Intelligence Directorate (GRU) and has a "relatively low success rate." The tech giant's Threat Intelligence team, which was previously tracking the group under its emerging moniker DEV-0586, has graduated it to a named actor dubbed Cadet Blizzard. "Cadet
The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared
An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko said in a new report published today. "The
The revolutionary technology of GenAI tools, such as ChatGPT, has brought significant risks to organizations' sensitive data. But what do we really know about this risk? A new research by Browser Security company LayerX sheds light on the scope and nature of these risks. The report titled "Revealing the True GenAI Data Exposure Risk" provides crucial insights for data protection stakeholders and
In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrates the stolen data to the hijacked
The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and government organizations, Symantec said in a new report shared with The Hacker News. "In some cases, the
Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. "Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source," blockchain analytics firm Chainalysis said in
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," Google-owned Mandiant said in a new report published today, describing the group as "
There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
