Tavis Ormandy, a Google security researcher, has published details on a hardware vulnerability found in AMD CPUs. The vulnerability affects the Zen 2 series CPUs, first presented in 2019. Although the architecture is obsolete, it was still used in CPUs as late as early 2021. The lineup includes CPUs for personal computers (such as the popular Ryzen 5 3600), laptops and, most importantly, servers (AMD EPYC Rome CPUs). For a full list of the CPU series susceptible to Zenbleed, refer to this article by Ars Technica.

The flaw stems from a combination of fairly harmless AMD CPU features. It turns out that, when combined, a certain interaction with CPU registers and a perfectly normal system of speculative code execution may result in a leak of secret data. In theory, it is fairly easy to steal information using this vulnerability (unique ID CVE-2023-20593), and at quite a high speed, too: up to 30 kBps for each one of the CPU cores. So far, no real exploitation cases have been reported. On the other hand, patches (CPU microcode updates) are available for only some of the affected CPUs. AMD promises to solve the problem completely by the end of 2023.

Zenbleed exploitation details

As mentioned above, Zenbleed exists thanks to the speculative execution system. The vulnerability is not easy to explain. In his blog post, Tavis Ormandy presents cold facts that only an experienced low-level coding pro can get to the bottom of. In a nutshell, here is one of the instruction sets for Zenbleed exploitation:

[Figure: Demo code for Zenbleed exploitation.]

A GitHub description by the Google Information Security team sheds some light on the nature of the problem. For the past 15 years, Intel and AMD CPUs have been using the AVX instruction set extension. Among other things, these instructions support 128- and 256-bit vector registers. Put simply, CPU registers are used for temporary storage of data when executing instructions. In some cases, being able to store sufficiently large amounts of data in vector registers makes it possible to improve performance considerably. The 128-bit (XMM) and 256-bit (YMM) registers are commonly used for the most routine operations, such as those related to reading from and writing to RAM.

Concurrent use of 128- and 256-bit registers brings another set of problems.
If used simultaneously within the same task, XMM registers are automatically converted into YMM registers. This is where the zeroing of the upper half of the YMM register is routinely performed. The special instruction for that is vzeroupper. All registers are stored in the so-called register file and are used in turns by different programs run on the computer.

What is common between Zenbleed and Use After Free?

If you create conditions for the vzeroupper instruction to be executed speculatively, the operation will end incorrectly in AMD Zen 2 CPUs. CPUs can execute instructions without waiting for the results of the previous calculations, based on branch prediction. This accelerates the work a great deal but can also result in a situation where instructions are executed in vain, not being required by the program logic. If that happens, the instruction execution results must be rolled back. Thus, if vzeroupper is executed in vain, the zeroing out of one half of the YMM register must be canceled.

This is where a logic error comes into play in Zen 2 CPUs. The register remains in the so-called undefined state, which means it may still contain pieces of data from other programs that use the shared register file. In a normal situation, no actors should have access to this data. Zenbleed creates conditions where malware can monitor the information that goes through vector registers.

In a sense, such CPU behavior closely resembles the typical software error known as use after free. This is when one program uses a certain RAM area to store its data, and then vacates this RAM area, making it available to other applications. As a result, a third program can read such data, which can potentially contain secret information. Yet in the Zenbleed case, it is not a software error but a hardware one.

Impact assessment

In theory, Zenbleed allows secrets to be read directly, and at a rather high speed.
This doesn't mean much by itself: things like what data can be read, or whether it can be used in harmful ways, depend on the given situation. Only applications that use XMM and YMM at the same time are affected by this vulnerability. First of all, these are Linux system libraries and the Linux kernel itself, as well as cryptographic libraries and systems like OpenSSL. Also, getting information requires the application to be data-intensive. For an attacker to get something really useful, some encryption process has to be running on the affected computer, or the browser has to be actively used for web surfing; otherwise the exploitation of the vulnerability will be in vain.

We have only been shown the demo code, the proof of concept. It was beyond the scope of the study to demonstrate a really harmful scenario. According to the Cloudflare team, the issue is fairly easy to exploit. One could do it even using a browser. We could imagine an attacker sending their victim a link to a pre-built web page to steal passwords to sensitive accounts from the memory cache. The saddest part is, a theft like that wouldn't even leave any traces. Can it be pulled off in real life? We don't know yet.

But we do know that Zenbleed is most dangerous in a corporate environment. Just imagine a situation where a virtual server renter can read data from other servers and even the hypervisor, provided they use the same CPU cores. This is why the very first patch to be released addressed AMD EPYC server CPUs.

Future of hardware security

In the closing part of his article, Tavis Ormandy notes that he discovered the problem thanks to fuzzing. As applied to software testing, fuzzing normally means feeding the program random data in search of a situation where a specific set of such data causes some abnormal behavior.
Here we have a more sophisticated challenge: hardware fuzzing (let's call it that) implies creating programs employing a random set of instructions in search of an abnormal CPU response. An abnormal termination of such a program is not necessarily a sign of a problem in itself. Ormandy proposes several methods for anomaly detection, such as running the same code on different CPUs: if identical programs demonstrate different behavior, it prompts an investigation to make sure no CPU logic error is involved.

The history of hardware vulnerabilities suggests that it is usually not enough to close one problem alone. After the patch is applied, a new way to circumvent the new defense system can be found, for the problem is in the fundamental CPU operation principles. That is why Tavis Ormandy has not only found an AMD Zen 2 CPU vulnerability, he has also proposed some interesting strategies on how to locate other potential errors.

Potentially dangerous as it may be, Zenbleed is not likely to be used to attack individual users. But the server infrastructure of organizations is a different story. In this particular case, you might say it was a narrow escape: the problem was found and patched up with a microcode update, with only a minor performance drop. If your infrastructure uses AMD Zen 2 CPUs, you really need this patch, too.

But chances are, this research will be followed by others. The whole attitude to hardware security may be revised, with new comprehensive security tests (employing both fuzzing and other strategies) coming into the picture. Let's hope hardware vendors will be able to use them to good advantage. But organizations still need to integrate the risk posed by emerging similar vulnerabilities into their security models.
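A fleet check for the advice above (Zen 2 hosts need the microcode patch), added here as an example and not part of the original article: it parses /proc/cpuinfo text, flags Zen 2 parts and groups cores by microcode revision so that a partially updated host stands out. The family 0x17 model ranges are an assumption taken from the Linux kernel's Zen 2 classification, and the sample hosts and microcode values are constructed placeholders; compare real revisions against AMD's advisory.

```python
import re
from collections import defaultdict

# Family 0x17 (23) model ranges the Linux kernel classifies as Zen 2.
# Assumption of this example; the article itself lists no model numbers.
ZEN2_MODEL_RANGES = [(0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF)]

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def is_zen2(cpu):
    """True for an AMD family 0x17 entry whose model is in a Zen 2 range."""
    if cpu.get("vendor_id") != "AuthenticAMD":
        return False
    try:
        family, model = int(cpu["cpu family"]), int(cpu["model"])
    except (KeyError, ValueError):
        return False  # malformed entry: do not guess
    return family == 0x17 and any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)

def zenbleed_inventory(text):
    """Report whether a host has Zen 2 cores and which microcode each one runs."""
    by_revision = defaultdict(list)
    for cpu in parse_cpuinfo(text):
        if is_zen2(cpu):
            by_revision[cpu.get("microcode", "unknown")].append(cpu["processor"])
    return {"affected": bool(by_revision),
            "microcode": dict(by_revision),
            # More than one revision means the update did not reach every core.
            "mixed_microcode": len(by_revision) > 1}

def _entry(n, vendor, family, model, name, ucode):
    # One constructed cpuinfo stanza; microcode values are placeholders.
    return (f"processor\t: {n}\nvendor_id\t: {vendor}\ncpu family\t: {family}\n"
            f"model\t\t: {model}\nmodel name\t: {name}\nmicrocode\t: {ucode}\n")

SAMPLES = {  # constructed hosts, not captured from real machines
    "rome-partial": "\n".join([
        _entry(0, "AuthenticAMD", 23, 49, "AMD EPYC (constructed)", "0xaaaa0001"),
        _entry(1, "AuthenticAMD", 23, 49, "AMD EPYC (constructed)", "0xaaaa0002")]),
    "ryzen-3600": _entry(0, "AuthenticAMD", 23, 113, "AMD Ryzen 5 3600", "0xbbbb0001"),
    "zen3": _entry(0, "AuthenticAMD", 25, 33, "AMD Ryzen (constructed)", "0xcccc0001"),
    "intel": _entry(0, "GenuineIntel", 6, 158, "Intel Core (constructed)", "0xdddd0001"),
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, zenbleed_inventory(text))
```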
Joining a growing group of cybersecurity-related "maturity models," PKIMM allows companies to measure their progress and benchmark themselves against other firms.
CISA's public-private partnership produces RMM strategies to shore up critical infrastructure and to educate the MSPs that provide remote access to them.
Cofense detected a significant phishing campaign that employed QR codes to target Microsoft credentials across various industries. Among the targets, a major U.S.-based energy company stood out, with around 29% of over 1,000 malicious QR code emails directed at it. Organizations should consider bolstering their security protocols by implementing advanced email filtering solutions capable of detecting embedded QR codes.
When businesses override a customer's security decision, does it make them fully liable when a breach occurs? That's a question banks like those in Singapore need to consider before they roll out their next security feature.
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.
In a report published on Wednesday, the Federal Criminal Police Office of Germany, or BKA, said the country had recorded 136,865 cases of cybercrime in 2022, resulting in an estimated loss of 203 billion euros.
The consolidated proposed class action lawsuit filed last year alleges that Facebook and Instagram parent Meta violated privacy laws by obtaining the sensitive data of millions of patients through its web tracking Pixel tool.
Fundamental defenses — identity and access management, MFA, memory-safe languages, patching and vulnerability management — are lacking or nonexistent across the economy, according to cybersecurity experts.
Hackers based in China are targeting the gambling sector across Southeast Asia in a campaign that researchers say is closely related to data collection and surveillance operations identified earlier this year.
Suncor Energy executives said the Canadian energy giant has recovered most of its normal operations since a June cyberattack. But the incident was serious, executives said, and Suncor learned significant lessons.
Researchers at threat intelligence company Flare pored through three months of IAB offers on the Russian-language hacker forum Exploit to better understand who they target, their asking prices, and who is the most active.
Phishing remains the most dominant and fastest-growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare.
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline.
ESET researchers have discovered a widespread phishing campaign targeting users of the Zimbra Collaboration email server. The campaign, which has been active since April 2023, aims to collect Zimbra account users' credentials.
Cleveland City Schools say they are dealing with the aftermath of a ransomware attack Tuesday. They say less than 5% of faculty and staff devices were affected. A CCS spokesperson says their printers are down.
The main advantage of this approach is to evade detection by security tools using static analysis and hamper examination by researchers, delaying the development of an in-depth understanding of how an Android malware strain works.
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.
Malwarebytes Labs identified a new trend in malvertising campaigns that use advanced cloaking techniques to evade detection. Threat actors are targeting the users of popular IT programs by creating malicious ads displayed on Google search results. To safeguard against ever-evolving malvertising tactics, security experts must prioritize regular website security audits, robust traffic analysis, and anomaly detection.
ESET uncovered an ongoing phishing campaign targeting Zimbra Collaboration users, aiming to harvest their Zimbra account credentials. The phishing emails lure victims by posing as email server updates, account deactivations, or similar issues, and directing them to click on an attached HTML file. Security teams are advised to implement necessary email security controls to stay safe.
The long-standing WoofLocker tech support scam campaign, initiated in 2017, remains active with enhanced resilience as it employs a unique traffic redirection approach on compromised websites. Redirecting targeted users to a fake virus warning browser locker screen, WoofLocker has exhibited stability and ease of management over the years.
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023.
The WoofLocker tech support scam campaign, which was first discovered in 2020, is still active and has evolved to become more sophisticated. The campaign relies on compromised websites to distribute its malicious code, with a focus on adult websites.
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root.
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password.
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password.
Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6299-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.
Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6294-2 - USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.
Ubuntu Security Notice 6297-1 - It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service.
Ubuntu Security Notice 6298-1 - Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
This paper focuses on using Windows APIs to exploit and bypass modern-day defense systems. The idea is that understanding the approach of a modern-day threat adversary would definitely help blue teamers improve their defense mechanisms. This article is useful for both blue and red teamers.
In this Dark Reading News Desk segment, Securonix CEO Nayaki Nayyar and Chris Inglis, Former NSA Deputy Director, discuss how AI will reshape cybersecurity.
In this Dark Reading News Desk segment, Jim Ivers and Natasha Gupta of Synopsys discuss application security posture management and software consolidation.
In this Dark Reading News Desk segment, Hubble Technology CEO/founder Tom Parker discusses infosec "back to basics," especially security asset visibility.
In this Dark Reading News Desk segment, Sysdig's Anna Belak discusses how the boom in cloud services and applications expanded the definition of what constitutes an endpoint.
In this Dark Reading News Desk segment, Brendan O'Connor, CEO and Co-Founder of AppOmni describes some of the biggest security challenges for securing software-as-a-service (SaaS) applications.
In this Dark Reading News Desk segment, Mike Wyatt and John Ayers of Cyderes discuss how artificial intelligence has already been weaponized against businesses and consumers.
In this Dark Reading News Desk segment, Dave Gerry, CEO of Bugcrowd, and Casey Ellis, founder and CTO of Bugcrowd, discuss the company's latest "Inside the Mind of a Hacker" report.
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware.
A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. "The four-month Africa Cyber Surge II operation was launched in April 2023
While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTs (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network. Just recently, an attack believed to be perpetrated by the Chinese hacker group
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium businesses and governmental entities, most of which are located in Poland, Ecuador, Mexico, Italy, and Russia
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's
DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat