In Episode 312 of the Transatlantic Cable Podcast, we delve into how cybercriminals exploit hacked websites, particularly WordPress-based ones, for phishing. Discover their tactics, risks involved, and signs of such attacks. We also uncover phishers strategies, from hacking sites to evading detection, along with show more ...
You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, show more ...
Security demands a strong fortress in cyberspace, and Dubai has rolled out two cybersecurity strategies to protect the data of the government and citizens.
Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says.
How mobile attackers could gaslight iPhone users, allowing the perfect cover for post-exploitation malicious activity.
Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.
Cyberattackers are slow to implement AI in their attack chains, according to Mandiant's analysis.
Even after updating Citrix networking appliances to address the critical vulnerability, enterprise defenders have to check each one to ensure they have not already been compromised.
Attackers use remote monitoring and management tools at MSPs to gain unfettered access to target networks.
A Biden administration adviser puts federal departments and agencies on notice to come into full compliance with presidential guidelines by the end of the year.
Check out our list of emerging firms that are building technology and services to assess the risk posture of AI systems and ML models.
Digital commerce remains the richest target for cybercriminals, yet physical payment threats remain strong.
Zscaler ThreatLabz detected and dissected Statc Stealer, a potent information-stealing malware targeting Windows systems. This C++-based malware effectively extracts sensitive data from popular web browsers, cryptocurrency wallets, and messaging apps like Telegram. To counteract the risks, the implementation of show more ...
The best strategy against ransomware attacks is a combination of robust defenses to protect assets and a focus on resilience and flexibility to minimize disruptions and respond effectively to incidents.
One of the PDFs delivered a variant of Duke, malware that has been linked to Russian state-sponsored cyber-espionage activities of APT29, also known as Nobelium, Cozy Bear, and The Dukes.
A report, Circles of Trust 2023: Exploring Consumer Trust in the Digital Society, published by Utimaco, suggests only 14% of consumers view smart devices as secure, despite 38% using them.
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.
The development comes less than a week after the tech giant said it plans to add support for quantum-resistant encryption algorithms in Chrome 116 to set up symmetric keys in TLS connections.
The proxy application is silently installed by malware on infected systems without user knowledge or interaction, and it goes undetected by anti-virus software as it is signed.
Threat actors are using advanced cloaking techniques in malvertising campaigns to remain undetected and drop malware, making it more challenging for defenders to identify and report these incidents.
Several LinkedIn users have reported difficulties in recovering their hacked or locked-out accounts through LinkedIn support. Some claimed to have faced ransom demands or account deletion threats. In the past few months, according to Google Trends, there’s been a 5000% increase in searches related to LinkedIn account hacks and recovery.
Misconfigurations play a central and persistent role in cyber intrusions. According to Google Cloud research released earlier this month, poor identity and access management is directly linked to more than 3 in 5 compromises in the cloud.
One in three students at British universities encountered fraud attempts online last year, according to a new study from NatWest. A third of respondents said they’d encountered a scam over the previous 12 months.
After a 6-month hiatus, the developers behind the notorious Raccoon Stealer information-stealing malware have reintroduced version 2.3.0 to cybercriminal forums. Its enhanced features include a quick search tool, anti-suspicion measures against security-assisting bots, IP reporting to deter monitoring, and a log stats panel.
A BlackBerry threat intelligence report revealed a 40% rise in cyberattacks against government and public service entities versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily.
Threat intelligence is more abundant than ever. The information defenders can use to hunt, prepare for and counter potential threats isn’t hard to find, but it is fragmented.
An analysis of more than 400 malware families deployed over the past two years found that at least a quarter of them abused legitimate internet services in some way as part of their infrastructure.
The HHS' Advanced Research Projects Agency for Health (Arpa-H) launched an initiative to find and help fund the development of cybersecurity technologies that can specifically improve defenses for digital infrastructure in US health care.
The underground market for SMS Bomber services is thriving, with various platforms offering attack services for a fee, highlighting the need for increased security measures in registration pages and APIs.
In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”
The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks.
The New York City’s tax collection agency accidentally shared the home addresses, cell phone numbers, and personal email addresses of more than 1,700 workers with all those employees.
The Play ransomware group is targeting managed security service providers (MSSPs) to gain initial access and use up to a half-decade-old vulnerabilities in security appliances, warn security researchers with Adlumin.
There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user.
Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.check_output function in mailtrail/core/http.py contains a command injection show more ...
Ubuntu Security Notice 6296-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. It was discovered that PostgreSQL incorrectly handled the MERGE show more ...
Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.
Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
In this Dark Reading News Desk segment, Terence Liu of TXOne Networks discusses operational technology and industrial cybersecurity.
In this Dark Reading News Desk segment, Normalyze’s Ravi Ithal discusses cloud security and data security posture management (DPSM).
In this Dark Reading News Desk segment, John Shier, Field CTO Commercial, Sophos, discusses the "Royal" ransomware.
In this Dark Reading News Desk segment, Cybersixgill's Michael-Angelo Zummo discusses how to empower security with AI.
In this Dark Reading News Desk segment, Nick Biasini from Cisco Talos discusses the latest attacker tactics, techniques, and procedures (TTPs).
In this Dark Reading News Desk segment, Lookout Mobile Security's Justin Albrecht discusses APT attacks targeting mobile users.
In this Dark Reading News Desk segment, BitSight's Gregory Keshian discusses external attack surface management and security performance management.
In this Dark Reading News Desk segment, OPSWAT founder Benny Czarny outlines the threat landscape affecting critical infrastructure sectors.
In this Dark Reading News Desk segment, CrowdSec CEO/co-founder Philippe Humeau discusses how the concept of a network effect applies to threat management.
In this Dark Reading News Desk segment, Cribl's Abby Strong and Exabeam's Chris Cesio discuss how their companies work together to detect and respond to threats.
In this Dark Reading News Desk segment, Infoblox's Dr. Renée Burton discusses why better DNS monitoring is so important.
In this Dark Reading News Desk segment, Qualys CEO and president Sumedh Thakar offers advice on reducing cloud risks.
In this Dark Reading News Desk segment, Interpres Security's Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig
Are you the kind of person who runs the beta-test versions of mobile apps before they are officially released? If so, the FBI is warning you to be on your guard. Read more in my article on the Hot for Security blog.
AI chatbots are under fire in Las Vegas, the secrets of hackers’ passwords are put under the microscope, and Graham reveals (possibly) the greatest TV programme of all time. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Security researchers have identified that a widespread LinkedIn hacking campaign has seen many users locked out of their accounts worldwide. Read more in my article on the Tripwire State of Security blog.
ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.
