China's APT41 Linked to WyrmSpy, DragonEgg Mobile Spyware
Nation-states see the opportunity in targeting people directly through their mobile phones, in this case with sophisticated Android surveillanceware.
While cybersecurity preparedness in Africa is on the upswing, the continent still lacks agreements on international security standards and sharing threat intel.
Although not all Redis instances are vulnerable to the P2P worm variant, all of them can expect a compromise attempt, researchers warn.
Google's fix to the Bad.Build flaw only partially addresses the issue, say security researchers who discovered it.
By combining these leading-edge tools, security professionals can amplify the impact of their security strategies.
The ransomware-as-a-service offering was first assumed to be a red-team exercise before being detected for true malicious activity.
UAE's Seed Group is partnering with Resecurity to expand cybersecurity options in the Middle East and Africa.
As companies navigate how to protect themselves from the onslaught of increasingly sophisticated fraud threats, artificial intelligence will be a critical piece of next-gen authentication.
Security debt exists in on-premises data centers as well as in cloud platforms — but preventing it from accumulating in the cloud requires different skills, processes, and tools.
The company noted that it filed a lawsuit last month against a scammer who was posting fake reviews on Google Maps and attempting to manipulate other Google services for small businesses.
CISA said the BD product vulnerabilities have a "low attack complexity" and that successful exploitation could allow a malicious actor to compromise sensitive data, hijack a session, modify firmware, and make changes to system configurations.
Citrix today is alerting customers to a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly urges” them to install updated versions without delay.
A strong argument for a connection has been established between the NoEscape ransomware and the obsolete Avaddon group. The encryption algorithms used by NoEscape and Avaddon ransomware are nearly identical, except that NoEscape switched to using the Salsa20 algorithm. Furthermore, sources have confirmed that multiple key members of Avaddon have joined the new ransomware operation.
A new malicious tool dubbed WormGPT is doing rounds in underground forums as a new generative AI cybercrime tool. Attackers could be preparing to execute sophisticated phishing attacks by crafting highly convincing fake emails, said security experts.
On June 16th, Cybernews researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files.
Downloading pirated movies from dubious sources can expose users to malware, putting personal and financial data at risk. Even visiting piracy websites or clicking on pop-ups and redirect links can lead to malware infections.
The Biden administration added two Europe-based hacking firms controlled by an Israeli former general to a Commerce Department blacklist, marking its latest effort to try to rein in a spyware industry that has spiraled out of control in recent years.
Threat actors are now exploiting the .ZIP top-level domain as a tool for phishing attacks, using the familiar file extension to deceive users into downloading malicious files.
Trend Micro uncovered a cyber operation by the Red Menshen APT group in which it uses various versions of the BPFDoor backdoor to target Linux and cloud servers. A six-fold increase in the number of BPF instructions has been observed compared to samples found in 2022. Security teams across organizations should leverage the provided IOCs to detect anomalies in their networks.
Orca Security, which reported the bug to Google, said that attackers could impersonate the accounts and manipulate the build, injecting malicious code or taking other actions.
Bureau announced an additional $4.5 million from GMO VenturePartners, GMO Payment Gateway, and existing investors to complete its Series A funding round at $16.5 million. With this, total funding for the startup has reached $20.5 million to date.
Claudia Plattner, the new president of Germany’s BSI, told journalists she aimed to “intensify and focus” the agency’s work on using the levers of the European Union to improve cybersecurity in Germany and across the continent.
APT41, also known as Axiom, Blackfly, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti, is known to be operational since at least 2007, targeting a wide range of industries to conduct intellectual property theft.
To defend against RaaS groups, organizations need a holistic, defense-in-depth approach that includes measures like multi-factor authentication, email security, patch management, and comprehensive asset management.
Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos. However, the Sophos X-Ops team tweeted that they did not create the encryptor and that they are investigating its launch.
Ukraine's Cyber Police shut down yet another bot farm that was reportedly spreading disinformation about the war in Ukraine on social media, just one month after a similar illicit operation was raided in west-central Ukraine.
The FBI warns of a surge in tech support scams targeting the elderly across the United States, in which scammers urge victims to dispatch cash concealed within magazines or similar items through shipping firms.
Lawmakers are demanding that the Department of Health and Human Services (HHS) prevent law enforcement from accessing reproductive and other health records without a warrant.
The targeted attack group DangerousPassword has been continuously attacking cryptocurrency exchange developers since June 2019, using malware that infects Windows, macOS, and Linux environments with Python and Node.js installed.
A new campaign called FakeSG, similar to SocGholish, is using hacked WordPress websites to distribute the NetSupport RAT and deliver additional payloads. FakeSG utilizes different layers of obfuscation and delivery techniques.
The cyberattack on TOMRA highlights the ongoing threat to companies involved in critical infrastructure, with potential significant financial and social damage if operations are disrupted.
RWS WorldServer versions 11.7.3 and below suffer from a session token enumeration vulnerability.
Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain ...
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an ...
PaulPrinting CMS suffers from persistent cross site scripting vulnerabilities.
Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.
ShowMojo MojoBox Digital Lockbox with firmware versions prior to 1.4 are vulnerable to authentication bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.
Aures Booking and POS Terminal suffers from a local privilege escalation vulnerability.
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was ...
Webile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.
Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.
Red Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.
PaulPrinting CMS suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
Tiva Events Calender version 1.4 suffers from a persistent cross site scripting vulnerability.
Active Super Shop CMS version 2.5 suffers from an HTML injection vulnerability.
Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.
Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.
Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of ...
The call for papers for Hardwear.io 2023 in the Netherlands is now open. It will take place November 2nd through the 3rd, 2023 at the Marriott Hotel, The Hague, Netherlands.
Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It ...
Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.
Ciuis CRM version 1.0.8 suffers from an add administrator vulnerability.
Red Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes the companies' corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece
Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions - NetScaler ADC and NetScaler Gateway 13.1
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. Let's look at why it's growing
U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats. "The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value
On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI's warrant here for details specific to this case. In light of these events, I'd like to discuss how OSINT
Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?