Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a breach notification show more ...
Detections of rootkit attacks against businesses in the United Arab Emirates are up 167% in 2023, with an increased view of their use in the Middle East overall.
Sophisticated fraudsters are exploiting ChatGPT and CAPTCHAs to evade enterprise security defenses.
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and steal credentials.
China-inked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
Hosts Sophia d'Antoine and Ian Roos presented the list at Summercon in Brooklyn, where they also handed out a surprise Lifetime Achievement Award.
In a nod to its centrality in IP networking, a Forescout researcher will parse overlooked vulnerabilities in the Border Gateway Protocol at Black Hat USA.
Registration has opened for the cybersecurity specialty track at Tuwaiq Academy, where students will learn a variety of related skills.
With Big Tech companies pledging voluntary safeguards, industry-watchers assume that smaller AI purveyors will follow in their wake to make AI safer for all.
CVSS Version 4 arguably performs better, but companies also need to tailor any measure of threat to their own environment to quickly evaluate new software bugs for patching order.
GitHub attributed the attacks to a group known at Microsoft (which owns GitHub) by the name “Jade Sleet” and called TraderTraitor by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Among the most serious attacks during Q2 2023, researchers noted an ACK flood DDoS attack that originated from a Mirai-variant botnet comprising about 11,000 IP addresses. The attack targeted an ISP in the U.S. and peaked at 1.4 terabits per second.
Microsoft, Google, and Apple were the most frequently impersonated brands in phishing attacks during Q2 2023, highlighting the need for cybersecurity measures to protect against brand phishing.
Analysis of the infrastructure linked to the JumpCloud intrusion reveals patterns consistent with previous DPRK-linked campaigns, highlighting their unique tactics and techniques.
A new malicious campaign FakeSG has emerged, mirroring the tactics of the well-known SocGholish in delivering the NetSupport RAT through compromised WordPress websites. FakeSG imitates browser update templates based on the victim's browser and uses different layers of obfuscation and delivery techniques. It is recommended to patch any vulnerabilities in your WordPress site/s.
The Chinese nation-state group APT41 has been associated with two new Android spyware strains, named WyrmSpy and DragonEgg. The initial infection vector for the mobile surveillanceware campaign remains uncertain, but social engineering is suspected. Users should avoid downloading apps from untrusted third-party sources or download apps with credibility.
The number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased, according to the 2023 Cybersecurity Perspectives Survey by Scale.
Mallox ransomware is a strain of ransomware that targets Microsoft Windows systems. It has been active since June 2021 and has recently seen an increase in activity, with a 174% rise in attacks compared to the previous year.
As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open-source components, dependency management only gets harder, according to Endor Labs.
The new vulnerabilities disclosed by Eclypsium on Thursday are CVE-2023-34329, a critical authentication bypass issue that can be exploited by spoofing HTTP headers, and CVE-2023-34330, a code injection flaw.
According to the new data presented in Salt Security's 2023 State of API Security for Financial Services and Insurance report, nearly 70% of financial services and insurance companies have encountered rollout delays due to API security issues.
On average, SOC teams receive 4,484 alerts daily and spend nearly three hours a day manually triaging alerts, according to a study by Vectra AI. Security analysts are unable to deal with 67% of the daily alerts received.
Cybersecurity researchers discovered a new P2P worm named P2PInfect that targets vulnerable Redis instances for exploitation. The worm is notable for its use of the critical Lua sandbox escape flaw, identified as CVE-2022-0543, to infect systems. Written in Rust, its attacks are more scalable than other worms. Organizations must use IOCs around the worm's modus operandi and implement robust security measures.
On July 19, Adobe issued another ColdFusion update to fix three new CVEs. One of them, CVE-2023-38205, is the bypass for CVE-2023-29298. The software giant warned in its advisory that CVE-2023-38205 has been exploited in the wild in limited attacks.
Over eight in 10 (83%) of the UK’s critical national infrastructure (CNI) firms believe new technologies designed to enhance sustainability will become a significant vector for cyberattacks, according to Bridewell.
A smishing campaign is targeting Japanese Android users by posing as a power and water infrastructure company and luring victims to a phishing website to download the SpyNote malware.
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
Mallox ransomware activity surged by nearly 174% in 2023, using the new variant Xollam, employing the double extortion tactic to demand ransom from victims. The development is also being perceived as more affiliate groups coming together in this mission. Organizations must remain vigilant and adapt security measures to stay one step ahead of such threats.
The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children's privacy laws violations related to the company's Alexa voice assistant service.
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
A Chinese cyber-espionage campaign revealed by Microsoft last week compromised the government email account of the US ambassador to China and other officials, a new report has claimed.
Sophisticated DDoS attacks worldwide reached 5.4 trillion in Q2 2023. This represents a 15% increase compared to the number of attacks observed in Q1 2023. One of the factors associated with the pro-Russia hacker groups REvil, Killnet, and Anonymous Sudan targeting Western websites amid the war in Ukraine. show more ...
The exposed data included passwords, secret tokens, and credentials, which could have been used by malicious actors to carry out attacks such as phishing campaigns and website manipulation.
The US Cybersecurity and Infrastructure Security Agency (CISA) revealed on Thursday that the recently disclosed Citrix zero-day vulnerability tracked as CVE-2023-3519 has been exploited against a critical infrastructure organization.
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
In a recent encounter, security researchers stumbled across a HotRat malware distribution campaign that cybercriminals were offering bundled as cracked programs and games. HotRat is an offshoot of the open-source AsyncRAT framework. Implement strict software policies, regularly update and patch systems, and educate users about the risks of using cracked software.
Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2023-4241-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
WordPress Page Builder KingComposer plugin version 2.9.5 suffers from an open redirection vulnerability.
WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
CMS-Bank Mellat Payment Manager version 1.0.0 suffers from a cross site scripting vulnerability.
RaidenFTPD version 2.4.4005 suffers from a buffer overflow vulnerability.
Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.
CMS TSS-EST version 1.0.0 from a remote SQL injection vulnerability that allows for authentication bypass.
Foody Friend version 1.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.
CMS Supported IRF-TH version 2.0.6 suffers from a cross site scripting vulnerability.
Wifi Soft Unibox Administration versions 3.0 and 3.1 suffer from a remote SQL injection vulnerability.
Red Hat Security Advisory 2023-4238-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
CMS SAUDI SOFTECH version 5.0.2 suffers from a remote SQL injection vulnerability.
CMS NEXIN version 2.0 appears to leave default credentials installed after installation.
CMS Emlak Scripti version 2 suffers from a cross site scripting vulnerability.
Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.
Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.
CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical
Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America,
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. "BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report
Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a
The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and
Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?
