For popular messengers such as Telegram, Signal and WhatsApp, there are quite a few alternative clients (not to be confused with clients as in (human) customers; whoever opted for this confusing language needs a good talking to) out there. Such modified apps — known as mods — often provide users with features and capabilities that aren't available in the official clients. While WhatsApp disapproves of mods — periodically banning them from official app stores — Telegram has never waged war on alternative clients; on the contrary, it actively encourages their creation, so Telegram mods are popping up like mushrooms. But are they safe? Alas, several recent studies show that messenger mods should be handled with great caution.

Although most users still blindly trust any app that's been verified and published on Google Play, we've repeatedly highlighted the dangers: when downloading an app on Google Play, you could also pick up a Trojan (that one had more than 100 million downloads!), a backdoor, a malicious subscriber, and/or loads of other muck.

This just in: infected Telegram in Chinese and Uyghur on Google Play

We'll start with a recent story. Our experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram. The app descriptions are written in the respective languages and contain images very similar to those on the official Telegram page on Google Play. To persuade users to download these mods instead of the official app, the developer claims that they work faster than other clients thanks to a distributed network of data centers around the world.

Simplified Chinese, Traditional Chinese, and Uyghur versions of Telegram on Google Play with spyware inside

At first glance, these apps appear to be full-fledged Telegram clones with a localized interface. Everything looks and works almost the same as the real thing. We took a peep inside the code and found the apps to be little more than slightly modified versions of the official one. That said, there is a small difference that escaped the attention of the Google Play moderators: the infected versions house an additional module. It constantly monitors what's happening in the messenger and sends masses of data to the spyware creators' command-and-control server: all contacts, sent and received messages with attached files, names of chats/channels, and the name and phone number of the account owner — basically the user's entire correspondence. Even if a user changes their name or phone number, this information also gets sent to the attackers.

Previously: spyware versions of Telegram and Signal on Google Play

Interestingly, a short while ago researchers at ESET found another spyware version of Telegram — FlyGram. True, this one didn't even try to pretend to be official. Instead, it positioned itself as an alternative Telegram client (that is, just a mod), and had found its way not only onto Google Play, but into the Samsung Galaxy Store as well. What's even more curious is that its creators didn't limit themselves to imitating just Telegram. They also published an infected version of Signal in these same stores, calling it Signal Plus Messenger. And for added credibility, they even went so far as to create the websites flygram[.]org and signalplus[.]org for their fake apps.

There's a spyware client on Google Play for Signal too, called Signal Plus Messenger.

Inside, these apps amounted to full-fledged Telegram/Signal messengers, whose open-source code was flavored with malicious additives. Thus FlyGram learned to steal contacts, call history, a list of Google accounts and other information from the victim's smartphone, as well as make backup copies of correspondence to be stored… where else but on the attackers' server (although this option had to be activated in the modified messenger by the user). In the case of Signal Plus, the approach was somewhat different. The malware scraped a certain amount of information from the victim's smartphone directly, and allowed the attackers to log in to the victim's Signal account from their own devices without being noticed, after which they could read all correspondence almost in real time.

FlyGram appeared on Google Play in July 2020 and stayed there until January 2021, while Signal Plus was published in app stores in July 2022 and removed from Google Play only in May 2023. In the Samsung Galaxy Store, according to BleepingComputer, both apps were still available at the end of August 2023. Even if they are now completely gone from these stores, how many unsuspecting users continue to use these quick and easy messenger mods that expose all their messages to prying eyes?

Infected WhatsApp and Telegram spoof cryptowallet addresses

And just a few months back, the same security researchers uncovered a slew of trojanized versions of WhatsApp and Telegram aimed primarily at cryptocurrency theft. They work by spoofing the cryptowallet addresses in the messages so as to intercept incoming transfers.

An infected version of WhatsApp (left) spoofs the cryptowallet address in a message to the recipient, who has the official, uninfected version of WhatsApp (right).

In addition, some of the versions found use image recognition to search screenshots stored in the smartphone's memory for seed phrases — a series of code words that can be used to gain full control over a cryptowallet and then empty it. And some of the fake Telegram apps stole user profile information stored in the Telegram cloud: configuration files, phone numbers, contacts, messages, sent/received files, and so on. Basically, they pilfered all user data except for secret chats created on other devices. All these apps were distributed not on Google Play, but through a variety of fake sites and YouTube channels.

How to stay safe

Lastly, a few tips on how to protect yourself from infected versions of popular messengers, as well as other threats targeting Android users:

As we've seen, even Google Play isn't immune to malware. That said, official stores are still far safer than other sources, so always use them to download and install apps.

As this post has made clear, alternative clients for popular messengers should be treated with extreme caution. Open source lets anyone create mods — and fill them with all sorts of nasty surprises.

Before installing even the most official app from the most official store, look closely at its page and make sure that it's real — pay attention not only to the name, but also to the developer. Cybercriminals often try to fool users by making clones of apps with descriptions similar to the original.

It's a good idea to read negative user reviews — if there's a problem with an app, most likely someone will have already spotted and written about it.

And be sure to install reliable protection on all your Android devices, which will warn you if malware tries to sneak in. If you use the free version of Kaspersky: Antivirus & VPN, remember to manually scan your device after installation and before running any app for the first time. Threat scanning is done automatically in the full version of our security solution for Android, which is included in the Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium subscription plans.
Google shortened the lifetime of Transport Layer Security (TLS) certificates, and Microsoft plans to downgrade support for older versions, giving companies more data security but also removing visibility into their own traffic.
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
The private equity firm has invested billions of dollars in identity and access management (IAM), but now it's on Ping founder and CEO Andre Durand and his team to rationalize overlapping product lines.
"APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability," NSFOCUS Security Labs said in a report published last week.
In total, Google has fixed 6 flaws in the Framework module, 14 in the Kernel component, 3 issues in the Qualcomm components, and 9 issues in the Qualcomm closed-source components.
Group-IB said it uncovered nearly 900 scam pages associated with the campaign, 60% of which targeted users from the Middle East and Africa (MEA) region. It estimated losses between March and June 2023 alone to be $280,000.
Zavio is a defunct Chinese company, but its security cameras are reportedly still deployed in the United States and Europe, which is why it’s important to raise awareness about the vulnerabilities.
The BlueShell malware was found being used by various threat actors to target systems running Windows, Linux, and other operating systems in Korea and Thailand. The Dalbit Group, a China-based threat group, has been identified as using a customized version of BlueShell. To mitigate such threats, organizations should prioritize regular system patching, implement robust intrusion detection systems, and enhance server security measures.
Researchers at Malwarebytes have identified a new version of the Atomic Stealer macOS malware that employs a technique to bypass the operating system's Gatekeeper security feature. The malware masquerades as the popular TradingView platform. It is important to deploy an antivirus with real-time protection so that it blocks the malware before it causes major damage.
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks.
Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks platform was identified in the SSO implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems.
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns.
According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have against those services.
By tricking Superset into connecting to its own metadata database, an attacker can directly read or write application configuration through the interface, potentially leading to credential harvesting and remote code execution.
IBM has worked with the database provider to address the technical issue, but warned Janssen customers about the potential for their personal information to be misused by malicious actors.
The council said it will not pay a ransom of $1.5 million demanded by the hackers, according to local media reports. The incident has affected a broad range of city services, including police, firefighters, and tax collection.
In a data breach notification letter sent to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, See Tickets says the new attack was identified in May 2023 and completely shut down in July.
A series of unfortunate events allowed the China-backed adversary, which Microsoft tracks as Storm-0558, to gain ‘lawful’ access to the Exchange Online and Azure Active Directory (now called Microsoft Entra ID) accounts of 25 organizations.
Check Point Software plans to purchase Atmosec, an early-stage SaaS security startup founded by former Armis leaders to anticipate and block threats from malicious applications.
The ransomware attack on Mayanei Hayeshua Medical Center resulted in the shutdown of its administrative computer systems, leading the hospital to redirect new patients and those requiring emergency care to other medical centers.
Financially motivated hackers developed custom malware to exploit a likely zero-day flaw in popular property management software used by resorts and hotels, said security researchers.
This Metasploit module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.
This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious JSP payload with the SYSTEM user permissions.
This Metasploit module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to obtain remote code execution on SonicWall GMS versions 9.9.9320 and below.
This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This leads to arbitrary command execution with the permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. A WFSDELAY of 10 for a docker image caused 6 shells.
Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.
Ubuntu Security Notice 6355-1 - Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bounds write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause an out-of-bounds read and write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause a buffer underwrite which allows arbitrary data to be written to the heap. A local attacker could possibly use this to circumvent secure boot protections.
Ubuntu Security Notice 6354-1 - It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity injection, resulting in a denial of service or information disclosure.
Debian Linux Security Advisory 5491-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2023-5030-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities.
tc is low-tech free software to chat anonymously and enciphered over Tor circuits using PGP. Use it to protect your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC-like GUI.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as follows - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments. Recently, a
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including
The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured.