In this blog we usually discuss software solutions for information security. But one of the important aspects of cybersecurity is various measures aimed at preventing physical access to data and the devices that contain it. Here, of course, there is no doing without hardware. So, here I overview several categories of gadgets for data protection at the physical level.

Port locks for connectors

Connectors pose a major physical security problem. Anyone passing by could plug in something interesting: a hardware keylogger, a malware-infected flash drive, or even their own computer. And it's hard to prevent, since connectors are literally everywhere. Hard, but not impossible: there are special locks that help to protect almost any connector in your hardware zoo: USB (of any type, including USB-C), 8P8C (RJ-45 on the vendor's site, but we know better) and 6P6C (popularly known as RJ-11), SFP and QSFP, DB-9 and DB-25 serial ports, memory card slots, display connectors, and so on.

Besides security plugs for empty ports, there are locks for connectors that are constantly in use. They protect against the physical disconnection of something from a computer or, say, a router (for stealing it or replacing it with a malicious device). In a nutshell, if you've long wanted total control over all your connectors but had no idea how to approach it, now you know.

Among similar gadgets, we could mention devices for protecting USB flash drives that allow you to lock the USB connector and literally chain the drive to something. Such devices will not, of course, help against the determined thief, but they will deter the opportunist passerby from removing your flash drive with one deft hand movement.

Kensington lock

Not everyone has heard of the Kensington Security Slot, aka Kensington lock — an anti-theft system for computer equipment. It can often be found on laptops, docking stations, desktops, and monitors.

[Image: An inconspicuous hole on the side of a laptop used to attach a Kensington lock]

Again, we can't say that the Kensington lock provides 100% protection against theft — special tools can defeat it. However, it makes stealing equipment a bit harder for the untrained criminal. It's also particularly effective against casual thieves who cannot resist the temptation to steal expensive devices that happen to be left unattended.

[Image: Kensington lock in action]

By the way, although the Kensington Security Slot can't be found on Apple devices anymore, there are special gadgets for MacBooks and iMacs that add this capability.

Anti-spy screen protectors

If you're worried about people peering over your (or your employees') shoulder, there's good news: you can protect against this, too. This is what special polarizing screens are for. These protective filters reduce the viewing angle to such an extent that only someone sitting directly in front of the screen can see the display. There are polarizing screens not just for laptops, but for smartphones and tablets as well.

Faraday cages of every creed

In today's world, there is no escape from wireless technologies and related threats, like completely contactless data interception, relay attacks, radio tracking, or even electromagnetic pulses that can destroy information. However, there are so-called Faraday cages that can block electromagnetic radiation and thus defend against such threats. "Cage" is a slight misnomer: in reality, it can be a Faraday envelope, Faraday wallet, Faraday bag or whatever, depending on what you want to protect: a portable hard drive from external exposure, a contactless card from relay attacks, a phone from cell-tower triangulation, and so on. Among the various products you can buy are Faraday fabrics. These you can use to build your own shielded container of any size and shape.

[Image: Faraday fabrics are designed to block electromagnetic radiation]

Anti-peeping covers for webcams

The problem of malware and websites spying on users through the webcam pops up all too regularly. Sure, there are software-based fixes for the issue, but for maximum peace of mind, the best way is to physically cover the camera lens. A few years ago, Mark Zuckerberg's MacBook drew attention to itself for having tape over not only the webcam but also the microphone. Instead of duct tape, you can apply a more elegant solution: a special shutter to cover the webcam. This offers reliable anti-peeping protection with one hand motion. And if the camera is needed, the same hand motion will make it available for use. Any online marketplace will sell such covers for a pittance.

[Image: Solve the peeping problem with a webcam cover]

Bluetooth tags for locking Windows

Many people aren't in the habit of locking their computer when they step away from it. But it's one that all employees should develop, of course. To get the ball rolling, it's worth telling them about several ways to lock a computer quickly and painlessly. And to be on the safe side, ask them to use the dynamic computer locking feature, which appeared last year in Windows 10 and 11. This feature is aptly named Dynamic Lock. It uses Bluetooth to lock the computer automatically if the device paired with it moves away. Microsoft's intention was for this device to be a smartphone. But there is a drawback: some people don't always take their phones when they leave their workplaces.

[Image: Dynamic Lock appeared in Windows 10 and 11 last year]

So, instead of a smartphone, a special tag that can be attached to, say, a keychain would be more suitable in some cases. Often such tags double up as a two-factor authentication device, increasing security on two fronts at once. Here are a couple of examples of such devices.

Build employee security awareness

It goes without saying that any security measures and solutions depend directly on the human factor. It is imperative that company employees understand the information security implications of their actions, know where to expect threats from and, ideally, how to respond to incidents. That means raising awareness of potential threats and ways to counter them. Our Automated Security Awareness Platform is the perfect tool for building cybersecurity awareness.
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes.
This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.
The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages, but also leverage its Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection.
The lawsuit complaint stems from a March hacking incident at San Francisco-based Orrick, Herrington & Sutcliffe that compromised the information of nearly 153,000 individuals, including victims of a client's data breach three years ago.
Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations.
The intrusion continues to disrupt "parts of the company's business operations," and it is "working diligently to respond to and address this issue, and is also coordinating with law enforcement," according to the Form 8-K submission.
District leaders initially said they were working to address a “broad network outage” that knocked out email and other services. On Monday night, the district released a statement saying 4,500 of the system’s 180,000 accounts were “impacted.”
Two stack-based buffer overflows collectively tracked as CVE-2023-32560 impact Ivanti Avalanche, an enterprise mobility management (EMM) solution designed to manage, monitor, and secure a wide range of mobile devices.
As reported today by Cyberint, many LinkedIn users have been complaining about account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.
The breach affected some 2.3 million TIAA clients, according to a lawsuit filed last week in U.S. District Court in New York. The suit alleges TIAA did not use “reasonable security procedures and practices” to protect clients’ sensitive information.
The flaws have to do with the service's lax policy surrounding package names and its lack of protections against typosquatting attacks, which enable attackers to upload malicious PowerShell modules that appear genuine to unsuspecting users.
The U.S. Chamber of Commerce urged the Securities and Exchange Commission to delay by a year the effective date of new cybersecurity rules, saying the regulatory move could otherwise have “severe consequences” for companies.
The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cybercriminals.
California regulators are examining how automakers and others handle data collected from internet-connected vehicles, the California Privacy Protection Agency said late last month.
Real estate agents' ability to list or update property information has been compromised by an attack on California-based data services company Rapattoni, which hosts multiple listing services.
According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector.
Google on Tuesday announced the release of Chrome 116 to the stable channel with patches for 26 vulnerabilities, including 21 reported by external researchers. Of the externally reported bugs, eight have a severity rating of ‘high.’
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
The AudioCodes VoIP phones can be managed centrally, whereby configuration files are provided and requested by the phones at a central location. These configuration files can also be provided in encrypted form. This is intended to protect sensitive information within the configuration files from unauthorized access. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. Firmware versions greater than or equal to 3.4.8.M4 are affected.
The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.
AudioCodes VoIP phones with firmware versions greater than or equal to 3.4.4.1000 have been found to validate firmware images using only simple checksum checks of the individual firmware components.
Ubuntu Security Notice 6294-1 - Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.
Ubuntu Security Notice 6293-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.
Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.
Ubuntu Security Notice 6291-1 - Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.
Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not favorable. A valid database connection is required. If the database engine was configured to allow creation of databases, the module default can be used, which utilizes an in-memory database. Some Docker instances of H2 don't allow writing to folders such as /tmp, so we default to writing to the working directory of the software. This Metasploit module was tested against H2 versions 2.1.214, 2.0.204, and 1.4.199 (version detection fails).
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can
At a little over halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach Investigations Report (DBIR) revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck
Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer
The LockBit ransomware gang may be having more than a few headaches right now. According to a researcher who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is trying to cover up "the fact it often cannot consistently publish stolen data."