If you're unfamiliar with the corporate file-sharing app MOVEit Transfer, it's still worth studying how it was hacked, if only for its sheer scale: hundreds of organizations were affected, including, among many others, Shell, the New York State Education Department, the BBC, Boots, Aer Lingus, British Airways, several large healthcare providers across the globe, the University of Georgia, and Heidelberger Druck. Both ironically and sadly, MOVEit Transfer is touted as "Secure Managed File Transfer Software for the Enterprise" by its creators, Ipswitch (now part of a company named Progress). It is a managed file transfer (MFT) system that helps employees share large files with contractors via SFTP, SCP and HTTP, offered as a cloud or on-premise solution. The series of incidents is a cautionary tale for everyone in charge of information security at an organization.

How MOVEit Transfer was hacked

Without going into every twist and turn of MOVEit users' turbulent one-and-a-half months, we'll cover the key events. Reports about suspicious activity on the networks of many organizations that used MOVEit Transfer started surfacing on May 27, 2023. According to the investigation, malicious actors were exploiting a previously unknown SQL injection vulnerability to steal data by running their own SQL queries against the application's database. On May 31, Progress released its first security bulletin, which summarized the fixes released up to that point and recommended remediation steps. The company originally believed the issue was limited to on-premise installations, but it was later found that the cloud version of MOVEit was affected as well. MOVEit Cloud was temporarily shut down for patching and investigation. Rapid7 researchers counted a total of 2,500 vulnerable on-premise servers exposed to the internet. On June 2, the vulnerability was assigned the identifier CVE-2023-34362 and a CVSS score of 9.8 (out of 10). Incident responders attributed the attacks to the cl0p ransomware group. Researchers at Kroll reported on June 9 that the MOVEit exploit had likely been in testing since 2021. Investigations made it apparent that the attack chain did not necessarily end at SQL injection: it could be extended to code execution on the server.

To their credit, Progress went beyond patching the software. The company initiated a code audit, which made it possible for Huntress both to reproduce the entire exploit chain and to discover another vulnerability, designated CVE-2023-35036 and fixed on June 9 as announced in the next bulletin. Before many admins got the chance to install that patch, Progress itself discovered another issue, CVE-2023-35708, and announced it in its June 15 bulletin. MOVEit Cloud was shut down again for ten hours for the fixes to be applied. June 15 was also notable for the attackers publishing the details of some of the victims and starting ransom negotiations. Two days later, the U.S. government promised up to $10 million for information about the group. On June 26, Progress announced that it would shut down MOVEit Cloud for three hours on July 2 to harden server security. On July 6 the developers published another update, which fixed three more vulnerabilities, one of them critical (CVE-2023-36934, CVE-2023-36932 and CVE-2023-36933).

File sharing services as a convenient attack vector

May's MOVEit Transfer attack is not the first of its kind. A similar series of attacks targeting Fortra GoAnywhere MFT was launched in January, and late 2020 saw massive exploitation of a vulnerability in Accellion FTA. Many attacks aim to get privileged access to servers or run arbitrary code, which happened in this case too, but the attackers' objective has often been a quick, low-risk attack that gains access to the database of the file-sharing service. That is enough to grab the stored files without penetrating deep into the system, which keeps the intrusion under the radar: after all, downloading files that are meant to be downloaded isn't that suspicious. Meanwhile, file-sharing databases tend to accumulate a lot of truly important information. For example, one MOVEit Transfer victim admitted that the leaked data covered 45,000 college and school students.

What this means for security teams is that apps like these, and their configuration, require special attention. Steps to take include limiting administrative access as well as taking additional security measures around database management and network protection. Organizations should also promote cyberhygiene among employees by teaching them to delete files from the file exchange system as soon as they no longer need them, and to share them with only the bare minimum of users.

Focus on servers

For attackers looking to steal data, servers are an easy target since they are not closely monitored and hold a lot of data. Unsurprisingly, in addition to mass exploitation of popular server-side apps with attacks like ProxyShell or ProxyNotShell, attackers take paths less traveled: encrypting ESXi farms and Oracle databases, or trying services like MOVEit Transfer, which are popular in the corporate world but little known to the general public. This is why security teams need to put the focus on servers:

- prioritize server patching
- use an EDR solution
- limit privileged access
- secure containers, virtual machines and so on

If an app seems to have few vulnerabilities, it means no one's looked for them

The question of priorities always comes up when an organization starts discussing patches. Vulnerabilities number in the hundreds, and it is impossible to fix them everywhere and all at once, in all applications and on all computers. So system admins have to focus on the most dangerous vulnerabilities, or on the ones that are most widespread because they affect popular software. The MOVEit story teaches us that this landscape is dynamic: if you've spent the last year fixing holes in Exchange or other Microsoft products, it doesn't mean you need to stay focused mostly on those. It is critical to follow threat intelligence trends, and not just to eliminate specific new threats but also to predict their possible impact on your organization.
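The point above, that an attacker who owns the file-sharing database can drain the file store with requests that each look like a legitimate download, means the web tier has to be watched for volume rather than for individual odd requests. The following is an added example of that kind of detection, written for this article; it is not MOVEit Transfer or Progress code, and it does not use MOVEit's real log format or URL scheme. It assumes a constructed access-log line of the form "time user client_ip method url status bytes_sent", a download being a successful GET on a URL ending in /download, and arbitrary thresholds (more than 10 distinct files or 50 MiB from one user/IP pair within 10 minutes) that a real deployment would tune from its own baseline.

```python
"""Flag bulk-download bursts in an MFT server's access log (added example).

A database-level compromise of a file-sharing service shows up at the web
tier as many ordinary-looking downloads from one principal in a short time.
This sliding-window check catches that pattern without needing any
exploit-specific indicator.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not real MOVEit Transfer logs). Columns are:
# timestamp, user, client IP, method, URL, HTTP status, bytes sent.
# Normal users pull a file or two; one session pulls the whole file store.
NORMAL = [
    "2023-05-27T03:01:10Z alice 10.0.0.5 GET /api/v1/files/101/download 200 20480",
    "2023-05-27T03:05:42Z bob 10.0.0.6 GET /api/v1/files/102/download 200 8192",
    "2023-05-27T03:07:00Z alice 10.0.0.5 GET /api/v1/files/103/download 200 4096",
    "2023-05-27T03:30:00Z carol 10.0.0.7 POST /api/v1/files 201 0",
]
# 30 distinct 1 MiB files fetched by one account from one IP in three minutes.
BURST = [
    f"2023-05-27T03:1{i // 10}:{i % 10 * 6:02d}Z svc_sync 198.51.100.23 "
    f"GET /api/v1/files/{200 + i}/download 200 1048576"
    for i in range(30)
]


def parse_line(line):
    """Split one constructed log line into a typed event dict."""
    ts, user, ip, method, url, status, nbytes = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"time": when, "user": user, "ip": ip, "method": method,
            "url": url, "status": int(status), "bytes": int(nbytes)}


def is_download(ev):
    """Assumed convention: a successful GET on a .../download URL."""
    return ev["method"] == "GET" and ev["status"] == 200 and ev["url"].endswith("/download")


def find_bulk_downloads(lines, window=timedelta(minutes=10),
                        max_files=10, max_bytes=50 * 2**20):
    """Return {(user, ip): alert} for every principal that, inside any
    `window`, downloaded more than `max_files` distinct files or more than
    `max_bytes` bytes. The alert records the state at the moment the
    threshold was first crossed."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["time"])
    recent = defaultdict(deque)  # (user, ip) -> downloads inside the window
    alerts = {}
    for ev in events:
        if not is_download(ev):
            continue
        key = (ev["user"], ev["ip"])
        q = recent[key]
        q.append(ev)
        # Drop events that have aged out of the sliding window.
        while ev["time"] - q[0]["time"] > window:
            q.popleft()
        files = {e["url"] for e in q}
        total = sum(e["bytes"] for e in q)
        if key not in alerts and (len(files) > max_files or total > max_bytes):
            alerts[key] = {"files": len(files), "bytes": total,
                           "first": q[0]["time"], "last": ev["time"]}
    return alerts


if __name__ == "__main__":
    for (user, ip), a in find_bulk_downloads(NORMAL + BURST).items():
        span = (a["last"] - a["first"]).total_seconds()
        print(f"ALERT {user}@{ip}: {a['files']} files, {a['bytes']} bytes "
              f"in {span:.0f}s starting {a['first'].isoformat()}")
```

Keying the window on the (user, IP) pair rather than on the user alone matters here: a stolen session or a forged account used from an attacker's address stands out as its own principal even when the same username also has normal activity. The thresholds are deliberately simple; in practice they should come from the server's own history of per-user download volume.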
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.
As organizations struggle to keep up with new regulations and hiring challenges, chief information security officers share common challenges and experiences.
As NATO mulls Ukrainian membership, the threat group is targeting supporters of Ukraine with a backdoor and exploitation of the Microsoft remote code execution (RCE) flaw known as Follina.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks.
Three years after a European court invalidated a transatlantic data transfer agreement, the EU has now adopted a new agreement with the U.S. meant to better ensure privacy protections for data moving between American tech companies and users overseas.
VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments.
A cautionary alert has been issued by researchers regarding an advanced voice phishing (vishing) campaign referred to as "Letscall," presently targeting Android users in South Korea. The attackers pose as banking employees and use social engineering tactics to extract sensitive information from unsuspecting users.
Ransomware attacks increased by over 37% in 2023 compared to the previous year, with the average enterprise ransom payment exceeding $100,000 and an average demand of $5.3 million, according to Zscaler.
The problem was first detected in late 2021. But before it could be closed, the report said organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined."
Check Point Software Technologies’ recent research highlights a concerning trend: a circulating fake Telegram messenger app that infects Android devices with Triada malware upon installation.
A newly discovered ransomware strain dubbed Big Head is spreading through malvertising that promotes fake Windows updates and Microsoft Word installers, warned Trend Micro. Built as a .NET binary, the ransomware drops three AES-encrypted files on the targeted system: one for spreading the malware, another for communicating with a Telegram bot, and the third for encrypting files.
The popular fanfiction platform Archive of Our Own (AO3) is currently grappling with a wave of DDoS attacks. Since early Monday morning, the AO3 website has been experiencing intermittent periods of outage, leaving users frustrated.
The sale, which is under a definitive agreement, is expected to close before the end of 2023. Forcepoint is separating out its Global Governments and Critical Infrastructure business, known as G2CI, in the sale to TPG, creating an independent entity.
The evolving cyberattack landscape reveals the increasing utilization of generative AI systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.
The Australian infrastructure services provider Ventia is dealing with a cyberattack that began this weekend. On Saturday, the company said it identified a cyber intrusion and took some “key systems” offline to contain the incident.
Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate.
The tools cost between $700-$1000 and are currently designed for Android-based devices. The authors behind both tools recommend using OnePlus devices to deploy mobile anti-detect or may ship ready-to-use devices with pre-configured packages.
Staff at one of the UK's largest hospital groups have spent a nervous week wondering if private data, stolen from their employer's IT systems by a ransomware gang, is going to be splurged online after a deadline to prevent publication passed.
The island nation of over 1.4 million people announced on Friday that its Ministry of Digital Transformation discovered a cyberattack targeting the country’s Office of the Attorney General and Ministry of Legal Affairs (AGLA) in recent days.
In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in the data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked Blackcat ransomware group.
According to a Twitter post by threat intelligence platform FalconFeeds.io, a seller had advertised the sale of source codes, encryption keys, database and backend access logins for Razer and its products in a hackers’ forum on Saturday.
Security researchers uncovered a new campaign by Charming Kitten (APT42) targeting Windows and macOS systems with different malware payloads. A new piece of malware called NokNok is used specifically against macOS systems. For Windows, the adversaries use PowerShell code and an LNK file to drop the GorjolEcho backdoor from a cloud hosting provider.
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go.
In a website notice, HCA confirmed that the data includes “information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services.”
The attackers imitated the W4SP attack group by using custom entry points and leveraging free file hosting services to remain undetected during the installation or execution process.
Businesses in the Latin American region are facing a new threat from a sophisticated malicious campaign distributing the TOITOIN trojan. Moreover, the campaign uses Amazon EC2 instances to evade domain-based detections. It is crucial for organizations to maintain a high level of vigilance against evolving malware campaigns.
Ubuntu Security Notice 6215-1 - It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-4023-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Red Hat Security Advisory 2023-4021-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
Ubuntu Security Notice 6214-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. P Umar Farooq discovered that Thunderbird did not properly provide a warning when opening Diagcab files. If a user were tricked into opening a malicious Diagcab file, an attacker could execute arbitrary code.
Ubuntu Security Notice 6213-1 - It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.
Ubuntu Security Notice 6210-1 - It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that had previously been approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information.
Red Hat Security Advisory 2023-4020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
Red Hat Security Advisory 2023-4022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5450-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
Red Hat Security Advisory 2023-4005-02 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4004-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6212-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Investment will drive company-wide expansion across BloodHound Enterprise, BloodHound FOSS, consulting and training programs, and research and development.
Former employee of contractor allegedly unleashed computer attack on the town's critical infrastructure — the systems controlling its water treatment facility.
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and the Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks.
A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency
Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework. What is the MITRE ATT&CK Framework? MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs)
Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared