Episode 304 kicks off with news that U.S. government agencies are also affected by the recent CLOP gang attacks, as they're also using the affected MOVEit software. From there the team also discuss the most recent flaws in the MOVEit software and urge users to update. Following on from that, there's an interview with Ghislaine Boddington about the newly released Fast Forward audio series from Kaspersky; Apple's fight with apples (yes, really); and the team wrap up with talk around OpenAI's seemingly contradictory statements on AI regulation. If you liked what you heard, please consider subscribing.
US government agencies hit in global cyberattack
MOVEit Customers Urged to Patch Third Critical Vulnerability
Apple Is Taking On Apples in a Truly Weird Trademark Battle
OpenAI Lobbied the E.U. to Water Down AI Regulation
Summer finds many company employees gazing longingly out the window, glancing now and again at the calendar. You don't need to be a psychic to read the word vacation in their minds. Neither do cybercriminals – who exploit such sentiments through phishing. The goal, as ever, is to coax out corporate credentials. We explore such scams and explain what you need to look out for.

Phishing email

The aim is to get the phishing link clicked. To achieve this, the attackers need to shut down the critical-thinking side of the victim's brain, usually by scaring or intriguing them. Chances are, in early summer, mentioning the vacation schedule will do the job. At this time, many employees already have plans made, tickets bought, hotels booked. If vacation dates suddenly change, all these plans will go up in smoke. Therefore, scammers send emails supposedly from HR on the vacation topic: it might be a sudden rescheduling, the need to confirm the dates, or a clash with some important events. Such emails look something like this:

Since in this case it's a question of mass, not spear, phishing, it's quite easy to spot the attackers' tricks. The main thing is to resist the urge to instantly click the link to see your revised vacation dates. If we examine the email more closely, it becomes clear that:
- The sender (cathy@multiempac.com) is not an employee of your company;
- The HR director who signed it is nameless, and the signature does not match your organization's corporate style;
- Hidden behind the link seemingly pointing to a PDF file is a completely different address (you can view it by hovering the mouse over the link).

It also soon becomes clear that the attackers know only the recipient's address. The automated mass-mailing tool takes the company's domain name and the employee's name from the address and automatically substitutes them into the imitation link and the sender's signature.

Phishing site

Even if the victim swallows the bait and clicks the link, it's still possible to spot signs of phishing on the attackers' site. The link in the above email points here:

The site itself is less than convincing:
- For a start, it's hosted not on your company's server but in Huawei Cloud (myhuaweicloud.com), where anyone can rent space;
- The name of the file doesn't match the name of the PDF mentioned in the email;
- There's not a single attribute on the site to connect it with your company.

Of course, once the victim enters their password in the login window, it goes straight to the cybercriminals' servers.

How to stay safe

To lessen the likelihood of your company's employees encountering phishing emails, you need protection at the mail gateway level. What's more, all internet-facing devices need to be protected by an endpoint security solution. In addition, we recommend holding regular awareness training for employees on the latest cyberthreats or, at the very least, informing them of potential phishing scams. For more about phishers' tricks and traps, check out other posts on this blog.
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

In a snail mail letter sent this month to Canadian customers, UPS Canada Ltd. said it is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered, and that it has been working with partners in its delivery chain to try to understand how the fraud was occurring.

The recent letter from UPS about SMS phishers harvesting shipment details and phone numbers from its website.

“During that review, UPS discovered a method by which a person who searched for a particular package or misused a package look-up tool could obtain more information about the delivery, potentially including a recipient’s phone number,” the letter reads. “Because this information could be misused by third parties, including potentially in a smishing scheme, UPS has taken steps to limit access to that information.”

The written notice goes on to say UPS believes the data exposure “affected packages for a small group of shippers and some of their customers from February 1, 2022 to April 24, 2023.”

As early as April 2022, KrebsOnSecurity began receiving tips from Canadian readers who were puzzling over why they’d just received one of these SMS phishing messages that referenced information from a recent order they’d legitimately placed at an online retailer.

In March, 2023, a reader named Dylan from British Columbia wrote in to say he’d received one of these shipping fee scam messages not long after placing an order to buy gobs of building blocks directly from Lego.com. The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-ups[.]info and pay a $1.55 delivery fee that was supposedly required to deliver his Legos.

“From searching the text of this phishing message, I can see that a lot of people have experienced this scam, which is more convincing because of the information the phishing text contains,” Dylan wrote. “It seems likely to me that UPS is leaking information somehow about upcoming deliveries.”

Josh is a reader who works for a company that ships products to Canada, and in early January 2023 he inquired whether there was any information about a breach at UPS Canada.

“We’ve seen many of our customers targeted with a fraudulent UPS text message scheme after placing an order,” Josh said. “A link is provided (often only after the customer responds to the text) which takes you to a captcha page, followed by a fraudulent payment collection page.”

Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166] with nearly two dozen other smishing related domains, including upsdelivery[.]info, legodelivery[.]info, adidascanadaltd[.]com, crocscanadafee[.]info, refw0234apple[.]info, vista-printcanada[.]info and telus-ca[.]info. The inclusion of big-name brands in the domains of these UPS smishing campaigns suggests the perpetrators had the ability to focus their lookups on UPS customers who had recently ordered items from specific companies.

Attempts to visit these domains with a web browser failed, but loading them in a mobile device (or in my case, emulating a mobile device using a virtual machine and Developer Tools in Firefox) revealed the first stage of this smishing attack. As Josh mentioned, what first popped up was a CAPTCHA; after the visitor solved the CAPTCHA, they were taken through several more pages that requested the user’s full name, date of birth, credit card number, address, email and phone number.

A smishing website targeting Canadians who recently purchased from Adidas online. The site would only load in a mobile browser.

In April 2022, KrebsOnSecurity heard from Alex, the CEO of a technology company in Canada who asked to leave his last name out of this story. Alex reached out when he began receiving the smishing messages almost immediately after ordering two sets of Airpods directly from Apple’s website. What puzzled Alex most was that he’d instructed Apple to send the Airpods as a gift to two different people, and less than 24 hours later the phone number he uses for his Apple account received two of the phishing messages, both of which contained salutations that included the names of the people for whom he’d bought Airpods.

“I’d put the recipient as different people on my team, but because it was my phone number on both orders I was the one getting the texts,” Alex explained. “That same day, I got text messages referring to me as two different people, neither of whom were me.”

Alex said he believes UPS Canada either doesn’t fully understand what happened yet, or it is being coy about what it knows. He said the wording of UPS’s response misleadingly suggests the smishing attacks were somehow the result of hackers randomly looking up package information via the company’s tracking website. Alex said it’s likely that whoever is responsible figured out how to query the UPS Canada website for only pending orders from specific brands, perhaps by exploiting some type of application programming interface (API) that UPS Canada makes or made available to its biggest retail partners.

“It wasn’t like I put the order through [on Apple.ca] and some days or weeks later I got a targeted smishing attack,” he said. “It was more or less the same day. And it was as if [the phishers] were being notified the order existed.”

The letter to UPS Canada customers does not mention whether any other customers in North America were affected, and it remains unclear whether any UPS customers outside of Canada may have been targeted.

In a statement provided to KrebsOnSecurity, Sandy Springs, Ga.-based UPS [NYSE:UPS] said the company has been working with partners in the delivery chain to understand how that fraud was being perpetrated, as well as with law enforcement and third-party experts to identify the cause of this scheme and to put a stop to it.

“Law enforcement has indicated that there has been an increase in smishing impacting a number of shippers and many different industries,” reads an email from Brian Hughes, director of financial and strategy communications at UPS.

“Out of an abundance of caution, UPS is sending privacy incident notification letters to individuals in Canada whose information may have been impacted,” Hughes said. “We encourage our customers and general consumers to learn about the ways they can stay protected against attempts like this by visiting the UPS Fight Fraud website.”
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as the anticipated economic downturn remains at bay.
Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.
The State Department's ambassador at large for cyberspace and digital policy, Nate Fick, has expressed his concerns about the dangers posed by artificial intelligence (AI), China, and the vulnerabilities present in internet infrastructure.
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM.
The Legion hacktool, marketed in Telegram and in public groups and channels, harvests credentials from misconfigured web servers and uses those credentials for email abuse, researchers at Cado Labs, who discovered Legion, said in a blog post.
Researchers took the wraps off of a year-long cyberattack campaign deploying a custom Golang malware called RDStealer. The malware strain focuses on stealing credentials and extracting data from compromised hosts. Notably, and not by coincidence, all the compromised machines were Dell-manufactured devices.
Colorado joined several other U.S. states in announcing MOVEit breaches, with its Department of Health Care Policy & Financing confirming that it is in the process of investigating an incident involving the data of state residents.
In remarks at a Wednesday press conference, PM Kishida announced a review of the My Number system and ordered the relevant department to make it a priority comparable with government responses to COVID-19.
This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation which has been active since 2019. The exact threat actor behind the campaign is not known.
Senators Richard Blumenthal and Marsha Blackburn have questioned TikTok's misleading assurances and cited reports of sensitive financial information of American creators being stored in China.
On Tuesday, CISA published two ICS advisories to warn of vulnerabilities in Enphase products that could lead to information leaks or command execution. Both are said to be remotely exploitable with low attack complexity.
Ukrainian and Canadian authorities conducted a joint operation to disrupt the two call centers and confiscate computer equipment, mobile phones, SIM cards, cars, and cash.
These attacks by APT29 (aka Cozy Bear, Nobelium, or Midnight Blizzard) are directed at governments, IT service providers, nongovernmental organizations (NGOs), and defense and critical manufacturing industries.
Hawaiʻi Community College is the latest university to deal with a ransomware attack, announcing on Tuesday night that it was forced to shut off its network and contact federal authorities about the incident.
Salt Security surveyed an international selection of 300 CISOs and CSOs to examine the cybersecurity ramifications of digitalization – and it is worth noting that almost 90% of them said that digital transformation introduces unforeseen risks.
The North Korean threat actor known as ScarCruft has been observed using an info-stealer malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service.
Chrome Browser Cloud Management offers extension management capabilities and reporting to enable organizations to control extension usage and mitigate potential security risks.
In a new data breach notification issued yesterday, iOttie says it discovered on June 13th that its online store was compromised with malicious scripts between April 12th, 2023, and June 2nd.
The European Council agreed on Wednesday to seek to reduce the level of protections provided to journalists from government surveillance and spyware in a proposed law intended to safeguard media freedoms across the bloc.
RepoJacking is a security vulnerability that may lead to code execution on organizations' internal or customer environments. Millions of GitHub repositories are potentially vulnerable to it, including popular organizations such as Google and Lyft.
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks.
The malware poses as a legitimate app for an electronic toll system used in Southern Asia and steals user credentials and 2FA codes. The malware is distributed via email phishing campaigns and has been downloaded over 100,000 times.
A third-party vendor of 3CX left an open server and exposed sensitive data. Attackers could use the exposed call metadata, license keys, and database connection strings to spy on 3CX clients or launch more sophisticated attacks.
Law firms in Britain were warned on Thursday to upgrade their cyber defenses in the wake of a number of ransomware attacks that led to sensitive and potentially legally privileged information being stolen by criminals and published online.
Debian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. HSQLDB supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an .odb file containing a "database/script" file which itself contained a SCRIPT command, where the contents of the file could be written to a new file whose location was determined by the attacker.
Red Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle the copy-up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that, when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.
Debian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. HSQLDB supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an .odb file containing a "database/script" file which itself contained a SCRIPT command, where the contents of the file could be written to a new file whose location was determined by the attacker.
OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.
Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.
Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3715-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2023-3342-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-3725-01 - The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer over-read and denial of service vulnerabilities.
Acquisition of NetSpyGlass extends Airgap Zero Trust Firewall™ innovation leadership with advanced network and asset intelligence for business-critical networks.
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid-size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace, and this number is only expected to grow. Continue reading to understand the potential risks and how to minimize them. Book a Generative-AI
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository hijacking, is a class of attacks that
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware," Check Point said in new
Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire picture of data exposure and exfiltration that every security leader and team is grappling with. This
A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met," Defiant's
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov
There's some funny business going on on Google, and Zuckerberg's $14 billion bet on the metaverse is beginning to look a little childish... All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
If you have an Apple computer, watch, or smartphone you have hopefully already received a notification that you should install an update to your operating system. And yes, you really should update your devices.
Fancy $10 million? Of course you do! Well, all you have to do is provide information that helps identify or locate members of the notorious Cl0p ransomware gang.
Patients of a Beverly Hills plastic surgery clinic face the potential horror of having highly sensitive images of their bodies leaked onto the internet by hackers. Read more in my article on the Hot for Security blog.