Major cyber-incidents are a good reason to improve things not only in information security, but also in IT. Management is willing to commit resources and genuinely wants positive change, but you need to be realistic about scope and budget. What measures will make the greatest contribution to preventing and minimizing show more ...
The latest edition of the Transatlantic Cable podcast focuses mostly on AI, with an opening salvo of stories, the first is news that the FTC are opening an investigation into Open AI and ChatGPT. From there, discussion moves to a worrying story around artificial intelligence and the recent writers and actors strikes. show more ...
Industry pushback prompts Microsoft to drop premium pricing for access to cloud logging data.
Hint: Organizations are already using a range of AI tools, with ChatGPT and Jasper.ai leading the way.
The cosmetics conglomerate was apparently breached through the infamous MOVEit flaw by both Cl0p and BlackCat, at roughly the same time.
The new independent exam track at Black Hat USA will feature an opportunity for attendees to take a practical exam to be certified in penetration testing.
Malicious activity targeting vulnerable SQL servers has surged 174% compared to 2022, Palo Alto's Unit 42 says.
The models powering generative AI like ChatGPT are open to several common attack vectors that organizations need to understand and get ready for, according to Google's dedicated AI Red Team.
Researchers found that the private keys and secrets they discovered being exposed within the Docker framework are already being used in the wild.
Researcher discovers vulnerabilities in the open source Web application, which were fixed in the latest Apache OpenMeeting update.
Kevin Mitnick, former computer hacker turned speaker and author, has died at the age of 59.
Critical-infrastructure employees are comparatively more engaged in organizational security — and compliance training — than those in other sectors.
Organizations have options when it comes to choosing the right tool to quantify risk
Citrix is urging organizations to immediately patch the unauthenticated RCE vulnerability.
Frameworks can help improve hiring practices and retention, and help guide education — which makes them an important asset worth exploiting.
Analysts continue piecing together who breached JumpCloud, why, and what else they've managed to pull off.
Attackers are apparently trying to exploit two path traversal vulnerabilities in the ‘Stagil navigation for Jira – Menus & Themes’ plugin, the SANS Internet Storm Center warns.
Researchers have discovered a rising trend of .zip domains in phishing campaigns that criminals are utilizing to boost their phishing attacks and improve their effectiveness. Many anti-phishing solutions are designed to scan URLs for suspicious keywords or patterns, but they may not adequately detect zip domains. Stay informed about evolving phishing tactics and invest in robust anti-phishing solutions.
"P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said.
A joint letter by a group of industry experts urges CISA to go further in integrating and advocating threat modeling in the document, which aims to help manufacturers prioritize cybersecurity practices while designing technology products.
In his first public speech, Graeme Biggar, the new chief of the UK's National Crime Agency (NCA), highlighted the emerging links between serious crime groups and nation-state operations in cyberspace.
Over 200,000 OpenAI credentials are available for sale on the dark web, indicating that cybercriminals see potential in using AI tools like ChatGPT for malicious activities.
Over a dozen vulnerabilities patched recently by GE in its Cimplicity product are reminiscent of industrial control system (ICS) attacks conducted by a notorious Russian hacker group.
In an era where cyber threats continue to evolve, healthcare organizations are increasingly targeted by malicious actors employing multiple attack vectors, according to Trustwave.
Successful exploitation of some of these vulnerabilities may lead to complete application or system compromise, Oracle says. Many of the updates also include additional third-party patches.
Symantec's Threat Hunter Team found a new variant of the FIN8’s Sardonic backdoor used to deliver the Noberus ransomware. In this new version, the group behind Sardonic has reworked most of its code, most likely to avoid detection. Organizations are recommended to monitor the networks and the latest versions of PowerShell logged into systems.
The threat actors used email lures, posing as bioscience and health organizations, to entice recipients. The emails contained attached PDFs with information about the organization and the job, as well as salary and equipment specifications.
DeliveryCheck is distributed via email with malicious macros and can breach Microsoft Exchange servers to install a server-side component, turning a legitimate server into a malware C2 server.
U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.
Customers of the Russian medical laboratory Helix have been unable to receive their test results for several days due to a “serious” cyberattack that crippled the company's systems over the weekend.
The ALPHV group claims Estée Lauder has not responded and listed the company on its leak site Tuesday, according to activity observed by Emsisoft Threat Analyst Brett Callow.
Microsoft said in a blog post on Wednesday that it will include “access to wider cloud security logs for our worldwide customers at no additional cost” starting in September and that it would increase default log retention from 90 to 180 days.
The leak, which initially occurred in 2021 but gained more attention after being re-published on a public hacking forum, has led to high-profile users receiving malicious calls, texts, and emails.
Technologies that underpin solar and wind energy storage systems, which are central to transferring renewable power to the grid, are potential hacking risks, experts noted at a congressional hearing Tuesday.
Hackers are using URL redirects within Google ads to lead users to malicious sites, leveraging the trust and legitimacy of Google Ads. This technique, known as BEC 3.0, involves referencing legitimate sites instead of spoofed ones.
Distributed Denial of Service (DDoS) botnets have been used to actively exploit a critical vulnerability found in Zyxel firewall models. The flaw, identified by Fortinet security researchers as CVE-2023-28771, explicitly affects Linux platforms.
A security breach was detected on May 31, 2023, when suspicious activity was identified within its network. The affected systems were immediately taken offline to prevent further unauthorized access.
Debian Linux Security Advisory 5456-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6239-1 - It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification.
The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.
Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly show more ...
Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug show more ...
Online Piggery Management System version 1.0 suffers from a remote shell upload vulnerability.
Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, show more ...
Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.
Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.
CMS NaiveScripters version 3.0.1 suffers from a cross site scripting vulnerability.
CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.
CMS porViaX version 2.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug show more ...
Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as show more ...
TP-Link TL-WR740N suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and show more ...
Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, show more ...
Red Hat Security Advisory 2023-4230-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Pluck version 4.7.18 appears to suffer from a remote shell upload vulnerability.
Blackcat CMS version 1.4 suffers from a remote shell upload vulnerability.
Strengthens threat detection and incident response portfolio to address growing API threats.
Supports company focus on bridging the cyber skills gap, strengthening cyber defenses, and protecting the front lines.
Checkmarx's industry-first AI AppSec plugin works within the ChatGPT interface to protect against new attack types targeting GenAI-generated code.
Updated Evolve Partner Program offerings expand support and solution options for MSPs driving security modernization and network transformation.
Egress also launches adaptive security architecture, which dynamically adjusts email security controls based on aggregated data including KnowBe4's user risk score.
The SaaS product is available under the Company's early access program as a closed, invitation-only beta experience, as part of the Plurilock AI platform.
US Air Force veteran and Mandiant CEO discussed dwell time and state-sponsored attacks at the Military Cyber Professionals Association's HammerCon conference.
Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. "This
Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure. The tech giant said it's making the change in direct response to increasing frequency and evolution of nation-state cyber
Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions: ColdFusion 2023 (Update
The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It's worth noting
If it seems like Remote Desktop Protocol (RDP) has been around forever, it's because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as "Remote Desktop Protocol 4.0," was released in 1996 as part of the Windows NT 4.0 Terminal Server edition and allowed users to remotely access and control Windows-based computers over a
Former Prime Minister Boris Johnson wants to hand over his WhatsApp messages - or does he? And a couple of fun-loving girls from Aberdeen have come up with a sinister twist on sextortion scams. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley (from a mystery location) and Carole Theriault.
The FBI warns that tech support scammers are increasingly telling their victims to send actual cash, concealed in newspaper or a magazine, rather than wiring funds. But why? Read more in my article on the Tripwire State of Security blog.
If you thought hackers might be causing your company a few headaches, pity the folks at Estée Lauder. Two different ransomware groups have listed the cosmetics maker on their leak sites on the dark web, as a result of seemingly separate attacks. Read more in my article on the Hot for Security blog.
That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities
