The popular if it aint broke, dont fix it principle has reigned supreme in the computing world since the year dot. However, it has become an unaffordable luxury. The proliferation of cyberattacks — including on scientific and medical organizations — presents both IT and infosec services with a real dilemma. To show more ...
.jpg)
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.
Companies should use a variety of tools and strategies, both technical and policy, to protect their IP from third-party risk.
The apparent pro-Iranian Cyber Avengers posted images of BAZAN Groups's SCADA systems, diagrams, and programmable logic controller (PLC) code.
Omdia's latest research with Trend Micro and CTOne sheds light on 5G security challenges and ways to effectively extend enterprise-grade security to 5G networks
US officials are concerned that the Beijing-directed cyberattacks could be a precursor to military disruption and broader destructive attacks on citizens and businesses.
From the upcoming Billion Dollar Heist to docs on the Ashley Madison breach and Stuxnet, here are a bevy of films that can scratch that wanna-be hacker itch.
Researchers uncovered new worming second-stage tools used to locally exfiltrate data from air gapped ICS environments, putting threat actors one step away from transmission of the info to a C2.
The revival of the beloved online multiplayer video game was short-lived once players detected unusual activity and behavior that portended malware.
"SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together enable execution with root privileges, persistence, command and control, and cleanup," the agency said.
The Dark Power ransomware exploits vulnerabilities in kernel-related APIs to quickly propagate through the cyber-kill chain. It also leverages DLLs such as kernel32.dll, bcrypt.dll, and ole32.dll to carry out its malicious activities.
New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important company resources. These attacks are driven by the Shadow Credentials technique.
The Iranian hacktivist group, Cyber Avengers, has taken responsibility for breaching BAZAN's network and leaked screenshots of the company's SCADA systems on its Telegram channel.
Python security fixes often happen through "silent" code commits, without an associated Common Vulnerabilities and Exposures (CVE) identifier, according to a group of computer security researchers.
Abyss Locker is a relatively new ransomware operation that is believed to have launched in March 2023. Like other ransomware operations, the threat actors breach corporate networks, steal data for double-extortion, and encrypt devices on the network.
The Call of Duty: Modern Warfare 2 servers were taken offline due to the presence of a self-spreading worm virus targeting PC gamers. Hackers used hacked lobbies to spread the malware, infecting multiple players' devices with the virus.
The provider of health, dental, and wellness benefits at the University of Guelph (U of G) has begun notifying students of a data breach which included access to personal information.
Zero Trust Network Access (ZTNA) should leverage contextual information, implement continuous authentication mechanisms, and be application-aware to make access decisions and reduce the risk of unauthorized access.
An unprotected database belonging to the Southern Association of Independent Schools (SAIS) was found exposing sensitive data on students, parents, and teachers, including health records, social security numbers, and confidential security reports.
The New Jersey Supreme Court agreed to review the legal fight between Merck and several of the world’s top insurance providers involving $1.4 billion in claims stemming from the 2017 NotPetya cyberattack.
EyeShell is a .NET-based modular backdoor that can contact a remote C2 server and execute commands to enumerate files and directories, download and upload files to and from the host, execute a specified file, delete files, and capture screenshots.
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection.
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.
MalwareHunterTeam reported a new variant of the Abyss Locker ransomware designed to target Linux-based VMware ESXi servers. It employs SSH brute force attacks to gain unauthorized access to servers. The ransomware has claimed data theft ranging from 35GB to 700GB. Researchers also suspect a connection with HelloKitty ransomware due to similar code elements.
The possibility of a U.S. Cyber Force moved one step closer to reality on Thursday after the Senate approved its version of a massive defense policy bill. The $886 billion National Defense Authorization Act passed in an 86-11 vote.
The shift towards zero-click exploits and new browser mitigations has led to a decrease in browser zero-days, but attackers are still finding ways to exploit vulnerabilities in other components.
BleedingPipe is a vulnerability found in many Minecraft mods caused by the incorrect use of deserialization in the 'ObjectInputStream' class in Java to exchange network packets between servers and clients.
"Cyber education and workforce development have not kept pace with demand and the rapid pace of technological change," says the strategy document. "Moreover, skills in demand in the cyber workforce are evolving."
For every 10,000 enterprise users, an enterprise organization is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month, according to Netskope.
Ubuntu Security Notice 6262-1 - It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. It was discovered that Wireshark did not properly show more ...
Debian Linux Security Advisory 5463-1 - A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments.
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware.
Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.
Debian Linux Security Advisory 5462-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.
This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and show more ...
Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2023-4332-01 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important.
Red Hat Security Advisory 2023-4326-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
Codecanyon Bitcoin Tools Suite version 1.0 suffers from a local file inclusion vulnerability.
CMVC SHOP LMS version 2.1.0 suffers from a remote SQL injection vulnerability.
mRemoteNG version 1.77.3.1784-NB exploit that extracts sensitive information that is stored in memory in the clear but encrypted at rest.
Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2023-4325-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
GreenShot version 1.2.10 suffers from an insecure deserialization arbitrary code execution vulnerability.
Red Hat Security Advisory 2023-4289-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
CMSshop version 1 suffers from a cross site scripting vulnerability.
Copyparty version 1.8.2 suffers from a directory traversal vulnerability.
Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.
169 bytes small Windows/x64 PIC NULL-free calc.exec shellcode.
Red Hat Security Advisory 2023-4328-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
CMSninesol version 1.0 suffers from a cross site scripting vulnerability.
Six focus areas to address the top security challenges facing healthcare organizations today.
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description
The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News. "A common attack
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that
Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses and non-regulated enterprises was expected to grow by a whopping 1900% in just one year, from only 1% in 2021 to 20% in 2022! Offering vCISO services can be especially attractive for MSPs and MSSPs. By addressing their customers’ needs for proactive cyber resilience,
