Not so long ago, our technologies detected a new APT attack on iPhones. The attack was part of a campaign aimed at, among others, Kaspersky employees. Unknown attackers used an iOS kernel vulnerability to deploy a spyware implant dubbed TriangleDB in the devices memory. Our experts have been able to study this implant show more ...
If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently show more ...
Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.
The emerging cyber-threat group is unusually persistent and nimble, bypassing MFA, stealing data, and using compromised environments for downstream customer attacks.
Organizations need to start taking critical infrastructure threats seriously, as they could be a precursor to future, hybrid cyber-kinetic warfare attacks, experts warn.
The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.
The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information gathering exploits, this time against foreign ministries.
A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe.
From fake job listings that ding your reputation to fake job applicants who hack your network, job scams are a major threat.
A slew of critical advisories this week showcase an exploding edge device attack surface for SMBs, which have limited cybersecurity protection, visibility, and maintenance available.
While it's impossible for an organization to be completely secure, there's no reason to be defenseless.
As a former Gartner analyst, it was interesting to be on the other side, listening as others explored the impact of CEO and CIO priorities on security.
INFOSEC23 — London — It's time to update what we think we understand about ransomware, including new defensive measures and how fast the attack response should be.
The mapping of CIS Controls to Verizon’s incident classifications presents organizations with an opportunity to optimize their security resources by aligning them with real-world security incidents.
The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution.
Researchers stumbled across a collection of malicious artifacts, dubbed JokerSpy, which they believe to be components of an advanced toolkit specifically designed to target Apple macOS systems. Based on the above and that multiple files were missing from the victim system, the researchers suspect that the malicious artifacts are part of a more intricate attack.
Gen Digital, the company behind known cybersecurity brands such as Avast, Avira, AVG, Norton, and LifeLock, has confirmed that employee’s personal information was compromised in the recent MOVEit ransomware attack.
Cyware, a leading provider of threat intelligence management and cyber fusion solutions, announced today a strategic technology partnership with Mimecast, an advanced email and collaboration security company.
Pro-Russian hacker group Anonymous Sudan appears to use expensive online infrastructure to perpetuate distributed denial-of-service attacks, undermining its claim to be a volunteer group operating from an impoverished East African country.
The threat actors claim to have stolen 7 TB of data from the University of Manchester during a June 6th cyberattack in an email sent to students and shared with BleepingComputer.
To ensure the legal and safe use of data, businesses should provide employee training, anonymize PII before processing, and regularly review and update data protection policies.
A group of government-backed hackers used an almost six-year-old Telerik vulnerability to break into a US federal agency's Microsoft IIS web server, underscoring the importance of patching.
The study by KnowBe4, which analyzed a dataset of over 12.5 million users across 35,681 organizations, revealed that 35.2% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions.
Graphican is notable for using Microsoft Graph API and OneDrive to stealthily obtain its C2 infrastructure addresses in encrypted form, giving it versatility and resistance against take-downs.
IT teams have made security efforts and progress in zero-trust implementation strategies to establish a new sense of normalcy following the network upheaval caused by the start of the global pandemic.
A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities.
An unidentified cybercrime group was observed brute-forcing vulnerable Linux SSH servers to drop various malware strains, including the Tsunami DDoS bot. Tsunami, also known as Kaiten, is used by a multitude of threat actors as the source code of the botnet is publicly available. administrators are recommended to use passwords that are difficult to guess and change them periodically to prevent falling victim.
Condi, unlike some botnets which propagate by means of brute-force attacks, leverages a scanner module that checks for vulnerable TP-Link Archer AX21 devices and, if so, executes a shell script retrieved from a remote server to deposit the malware.
The first security defect, tracked as CVE-2023-2986 (CVSS score 9.8/10), impacts the Abandoned Cart Lite for WooCommerce, a plugin that notifies customers who did not complete the purchase process, and which has more than 30,000 active installations.
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022.
The growing adoption of cloud has elevated cloud security fear for IT teams, as they grapple with the challenges and concerns arising from the widespread use of complex cloud environments while diligently addressing them, according to SUSE.
The decision to put cyber on equal footing with the division’s three existing sections comes as the DOJ has ramped up its own efforts to defeat botnets, contain or eliminate malware outbreaks and pursue digital criminals around the globe.
Debian Linux Security Advisory 5434-1 - A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.
Ubuntu Security Notice 6182-1 - It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
PHP Online School version 1.0 suffers from a cross site scripting vulnerability.
PHP Mail version 5.0 suffers from a cross site scripting vulnerability.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only show more ...
Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16. show more ...
Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.
Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6143-3 - USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an show more ...
Accent Microcomputers CMS version 2.4 suffers from a directory traversal vulnerability.
PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.
WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Ubuntu Security Notice 5948-2 - USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies.
A Cart version 2.0 suffers from a database disclosure vulnerability.
3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.
SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.
Talroo Jobs Script version 1.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into show more ...
WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability.
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta's information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I'm going to focus on number three: reducing friction. Declaring your
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. "nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets included a government finance department and a corporation that markets products in the Americas as
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency response Center (
Snack giant Mondelez is warning past and present employees that their personal information may now be in the hands of hackers following a data breach at a third-party firm. Read more in my article on the Hot for Security blog.
Graham Cluley Security News is sponsored this week by the folks at Uptycs. Thanks to the great team there for their support! Your developer’s laptop is just a hop away from cloud infrastructure. Attackers don’t think in silos, so why would you have siloed solutions protecting public cloud, private cloud, show more ...
From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels
