Not so long ago, a few dozen malicious plugins were discovered in the Chrome Web Store (the official browser extension store for Google Chrome). The most popular of these extensions had over nine million downloads, and altogether these plugins had been downloaded around 87 million times. We explain what these show more ...
The company's Confidential Data Search technique relies on confidential computing to keep data secure even while it is in use.
A new Proxyjacking campaign has come to light that targets SSH servers and proceeds to establish Docker services, utilizing the victim's bandwidth to generate revenue. Further investigation revealed the presence of cryptocurrency miners, exploits, and hacking tools on the compromised server. Organizations are advised to implement standard security measures.
Trend Micro researchers have identified a malvertising campaign that distributes BlackCat ransomware. Adversaries create cloned webpages, including that of the open-source file transfer app WinSCP, resembling legitimate organizations. Additionally, the criminals used SpyBoy, a tool that tampers with the protective measures implemented by security agents.
According to Emsisoft data, at least 19 healthcare providers hit by ransomware attacks operate 33 hospitals and at least 16 of the 19 had data exfiltrated. Data exfiltration last year occurred in 68% of cases.
A SOCRadar dark web analyst recently discovered an alleged database leak for Instagram. The leaked data reportedly contains over 17 million records in JSON format. The nature of the data suggests that it may have been collected from open source.
Attackers said “We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD.”
Protecting runtime environments requires at least a monitoring approach that includes scanning for known malicious files and network communications, then blocking them and alerting when they appear. However, this is still insufficient.
EarlyRAT is a straightforward program that immediately starts gathering system data and sending it via a POST request to the C2 server. The execution of commands on the infected system is EarlyRAT’s second main purpose.
A malicious actor could manipulate the manifest data of a new package, and potentially expose developers to risks such as cache poisoning, installation of unknown dependencies, execution of unknown scripts, and possibly even downgrade attacks.
DDoSia is attributed to a pro-Russian hacker group called NoName(057)16. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service (DDoS) attacks against targets.
“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised,” Microsoft noted.
GuLoader is increasingly prevalent as a malware loader within phishing campaigns. Morphisec Labs uncovered a GuLoader campaign that has been targeting law firms (46.4%), alongside investment (17.9%) and healthcare (21.4%) firms, in the U.S. The campaign has been ongoing since April.
the percentage of manufacturing organizations that used back backups to recover data has increased, with 73% of the manufacturing organizations surveyed using backups this year versus 58% in the previous year.
Car Rental Script version 1.8 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6196-1 - It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 6195-1 - It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly show more ...
Allhandsmarketing LMS version 2.0 suffers from a cross site request forgery vulnerability.
Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.
Advanced HRM version 1.6 allows for the reseting of the administrative password.
ADMINA BULGARIA Ltd version 1.0 appears to leave default credentials installed after installation.
Active Super Shop version 1.5.1 suffers from an html injection vulnerability.
Aathesh Soft CMS version 0.3.0 suffers from a cross site scripting vulnerability.
Ariadna CMS version 0.3 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It show more ...
Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.
Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 6198-1 - It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application.
Citrix Gateway and Cloud MFA suffers from an insufficient session validation vulnerability.
Qualcomm Adreno/KGSL suffers from an issue where code in user-writable mapping is executed in non-protected mode.
Ubuntu Security Notice 6197-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.
WordPress WP AutoComplete Search plugin versions 1.0.4 and below suffer from a remote SQL injection vulnerability.
D-Link DAP-1325 suffers from an insecure direct object reference vulnerability.
POS Codekop version 2.0 suffers from a remote shell upload vulnerability.
Allhandsmarketing CMS version 3.01 suffers from a remote SQL injection vulnerability.
TP-Link TL-WR940N version 4 suffers from a buffer overflow vulnerability.
AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ApPHP MicroCMS version 1.0.1 re-embeds arbitrary content from the client into web pages.
ApnaTrademark CMS version 2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the
An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023. The activity is being attributed to an actor codenamed Neo_Net, according to security researcher Pol Thill. The findings were published by SentinelOne following a Malware
The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY) against four companies CDON, Coop, Dagens Industri, and Tele2. "In its audits
Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns
