The advantages of cryptocurrencies for owners — lax regulation and lack of government control — are major pluses for cyberthieves too. Because the threats to crypto assets are quite varied, we recommend that you study our overview of how to protect your crypto investments, as well as our tips for owners of show more ...
For line-of-business execs, the fear of grinding mission-critical systems to a halt overrides the fear of ransomware. How can CISOs overcome this?
Black Hat Asia 2023 showed that cybersecurity is nascent among organizations in Asia with opportunities for improvement.
Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.
It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.
While there's plenty of upside to rolling out deception technologies, it's not clear if cybersecurity leaders — or their organizations — are ready for them.
Identity threat detection and response adds user entity behavioral analytics to fraud detection, creating a powerful tool for real-time protection.
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
The impending regulations highlight the increasing importance of enhanced network security and regulatory compliance across the government sector.
Although the authenticity of these claims remains uncertain, the fact that the hacker is offering to use Escrow—a trusted third-party payment service—adds a level of credibility to the offer.
In addition to backdoor capabilities and the ability to propagate through USB using the HopperTick launcher, the payload includes additional features, such as a bypass for SmadAV, an anti-virus solution popular in Southeast Asia.
Security experts came across a new campaign—from late 2022 to early 2023—by the Chinese state-sponsored threat group APT15, which used a novel backdoor called Graphican that possesses several capabilities. Symantec has published the IOCs for a better understanding of the threat to protect against it.
The organization said Wednesday that it was informed on June 6 by a third-party vendor – PBI Research Services/Berwyn Group – that data was accessed by hackers exploiting the MOVEit file transfer tool.
According to a survey by Panaseer, automation is considered more effective than vendor consolidation in easing industry concerns, and 96% of organizations automate at least one aspect of their cybersecurity.
The North Korean APT37 (aka ScarCruft and RedEyes) group was found using a new info-stealer with wiretapping features, named FadeStealer, along with a backdoor written in GoLang that abuses the Ably platform. Apart from the ability to listen to private conversations of victims, the malware can steal a wide variety of information from Windows systems.
Open source is key to the success of cloud-native security as it facilitates collaboration amongst developers, architects, and users, brings strength in numbers, and allows for diverse innovation.
Dole said the hackers accessed the names, addresses, driver’s license numbers, passport numbers, dates of birth, phone numbers, and other employment information, according to a filing with the Maine Attorney General.
According to research by Insikt Group and CERT-UA, Russian hackers exploited vulnerabilities (CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026) in Roundcube Webmail software to gain unauthorized access to unpatched servers.
Suspected Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability in May to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan.
The project is expected to feature a reference design and an implementation guide addressing four main cybersecurity challenges across the water and wastewater sector, namely asset management, data integrity, remote access, and network segmentation.
BlackLotus has been circulating on hacking forums since October 2022, marketed as malware capable of evading detection, withstanding removal efforts, and neutralizing multiple Windows security features such as Defender, HVCI, and BitLocker.
A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals.
"The attack chain ends with the victim machine infected with multiple unique remote access trojan malware instances, such as Warzone RAT and Quasar RAT," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said.
The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws.
The notorious extortion crew, aka ALPHV, added the Beverly Hills Plastic Surgery to its list of compromised organizations, and bragged about swiping people's personal information and healthcare records.
The Russian APT28 group has launched a spear-phishing campaign that has affected a regional prosecutor's office, an undisclosed executive authority, a military aviation company, and other government entities in Ukraine. It is suggested that users update the vulnerable Roundcube webmail servers to its latest version.
The breach was initially discovered by security researcher Jeremiah Fowler. Upon further investigation, it was revealed that the primary insurer associated with all the policies listed in the exposed database was USA Underwriters.
"A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service," Fortinet stated.
A third-party vendor lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the Russian Cl0p ransomware gang, according to the Fortune 500 insurer.
By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.
Fallout for Progress Software continues over a massive data breach that appears to have affected hundreds of private and public sector organizations that use its MOVEit file transfer software.
The botnet has been observed targeting IoT devices, routers, DVRs, access control systems, and Solar power generation monitoring systems from brands such as D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek.
A new cyber incentive framework from the Federal Energy Regulatory Commission could help utilities adapt to new threats at a faster pace, by providing flexibility for them to invest in pre-qualified cybersecurity measures.
Out of the 156 threats identified in drone control systems, the top 50 fall into four categories — namely reporting falsified data, denying access to real-time data, impersonation of UAS and its operator, and tempering with telemetry data.
The attack works with Microsoft Teams running the default configuration, which permits communication with Microsoft Teams accounts outside the company, typically referred to as "external tenants."
Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while show more ...
Red Hat Security Advisory 2023-3614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.4.
PHPJabbers Forum Script version 3.0 suffers from a persistent cross site scripting vulnerability.
PHPJabbers Forum Script version 3.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5435-2 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.
This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak be able to upload a .NET deserialization payload.
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
PHPJabbers STIVA Blog Script version 4.1 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat show more ...
Ubuntu Security Notice 6188-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
Ubuntu Security Notice 6184-1 - It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or possibly obtain sensitive information.
Advanced ASP Chat version 2.0 suffers from a database disclosure vulnerability.
Adult Video Script version 3.0 suffers from local and remote file inclusion vulnerabilities.
Adiscon LogAnalyzer version 4.1.5 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6187-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-3777-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.
PHPJabbers Knowledge Base Builder version 3.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-3776-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
Adapt Inventory Management System version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Active Newspaper version 2.0 suffers from an html injection vulnerability.
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary show more ...
Red Hat Security Advisory 2023-3780-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.
Smart Office Web version 20.28 suffers from information disclosure due to an insecure direct object reference vulnerability.
Ubuntu Security Notice 6185-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
Integration provides threat intel teams with an early warning system for geopolitical events that could trigger cyberattacks.
The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced
Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor. With
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint
A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates,"
The NSA has publsihed a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protecting against the threat. Read more in my article on the Tripwire State of Security blog.
The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government
