Early this year I gave you five reasons to avoid desktop versions of messengers. The fact that many such applications use the Electron framework is one of them. This means that such a messenger works as an additional browser in your system, and its updates are quite difficult to control. But, as I wrote in that post, show more ...
Episode 315 of the Kaspersky Transatlantic Cable Podcast kicks off with a possible U-turn from the British government and end-to-end encryption. From there discussion moves MGM resorts being hit by a cyber-attack. Following on from that, discussion moves to Microsofts odd decision to add pop-up ads for Edge into show more ...
In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the show more ...
The ransomware group is a collection of young adults, and also recently breached Caesars Entertainment and made a ransom score in the tens of millions range.
The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.
Pursuant to new regulation, both gaming companies reported recent cyber incidents to the SEC.
Leverage the human layer as a crucial cog in building cyber resilience within the organization.
The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads' policies.
It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes.
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.
Around 900 pages were identified as using Arabic language and familiar brand names to snare users and steal their money and personal details — presenting big brand protection issues for retailers.
While the total count of attacks might seem low — just 13 that affected organizations operating critical technology services — the number marks a significant increase from the four disruptions the sector recorded in 2022 and 2021.
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities.
The number of claimants in a class action lawsuit against Capita, a UK company, is increasing following a cybersecurity breach in March. Manchester-based law firm, Barings Law, sent a legal letter to Capita in June after receiving numerous enquiries.
A cyberattack caused St. Louis County to shut down some computer systems used to look up court cases, issue charges and process people in custody at the jail, County Executive Sam Page said Tuesday.
The attackers behind 3AM, which is written in the Rust programming language, engage in reconnaissance, privilege escalation, and exfiltration of sensitive data before deploying the ransomware.
Valid, compromised credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, an IBM Security X-Force report found.
"The actor's email chains are highly evasive, making use of traffic distribution systems (TDS) like BlackTDS and Keitaro, which provide identification and filtering capabilities to tailor user traffic," Microsoft said.
A Portuguese hacker whose bombshell revelations on the “Football Leaks” website rocked European soccer was convicted Monday by a Lisbon court of nine crimes and given a suspended prison sentence of four years.
According to the Hudson Rock, the threat actor — who appears to be linked to a December 2022 breach of the FBI’s InfraGard system — posted the leaked information publicly without making any demands.
Zenity said the Series A financing was led by Intel Capital and included new investors from Gefen Capital and B5. Existing backers Vertex Ventures and Upwest also expanded equity stakes.
Symantec researchers spotted a new ransomware family called 3AM that is written in Rust and attempts to stop services and delete Volume Shadow copies before encrypting files. The ransomware is currently being used in limited attacks. Its exact origins remain unknown. It is recommended that organizations work on improving their defenses by investigating IOCs associated with the ransomware strain.
Two new high-severity Kubernetes vulnerabilities flagged by Akamai leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.
The governing body for soccer in the Netherlands said this week that it paid a ransom to hackers who breached its systems earlier this year and stole the sensitive data of more than 1.2 million employees and members.
The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals.
Federal authorities are warning the health sector about threats posed by Akira, a RaaS group that surfaced about six months ago and has been linked to several dozen attacks on predominately small and midsized entities across many industries.
The notorious spyware was reportedly installed on the iPhone of Galina Timchenko, owner of the Russian independent media outlet Meduza, while she was in Berlin for a private conference with other Russian independent journalists living in exile.
Threat actors are using EV code signing certificates to distribute both information-stealing malware and ransomware, indicating a streamlining of operations and the need for stronger security measures.
A new malvertising campaign has surfaced, targeting corporate users downloading popular web conferencing software Cisco Webex with BatLoader. Webex itself has not been compromised; rather, threat actors are exploiting brand impersonation to distribute the malware. The malicious ad impersonating it is displayed on top show more ...
Top cybersecurity officials from the Biden administration pledged additional support to the open source software community and private sector security executives during the Secure Open Source Software Summit in Washington D.C. on Tuesday.
Five of the SAP security notes released this month are rated ‘hot news’, the German software company’s highest rating. Three of them, however, are updates for previously released security notes.
The Maryland-based startup, which aims to help businesses protect themselves from identity-related cyberattacks, announced that it has raised an $8.5 million seed round led by Ballistic Ventures, with strategic participation from IBM Ventures.
A new malvertising campaign is targeting corporate users who download the Webex web conferencing software. The campaign impersonates Cisco's brand and displays a malicious ad when users search for Webex on Google.
On Wednesday, an ICJ spokesperson confirmed that it was dealing with a cybersecurity issue but declined to elaborate on whether law enforcement has been contacted or if the organization was facing operational issues.
Threat actors are utilizing advanced techniques such as malvertising and SEO to conduct sophisticated fraud schemes, targeting authentication processes and exploiting technical misconfigurations, according to a report by Visa.
While inside Rollbar's servers, attackers accessed sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration.
Organizations prioritize privacy and protection of intellectual property when adopting AI tools, with concerns about AI-generated code introducing security vulnerabilities and lacking copyright protection, according to GitLab.
A cyber event last month may have affected the security of some information maintained by Butler County. County officials say they found out on August 8th that an email account related to the County jail was sending unauthorized spam emails.
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
Ubuntu Security Notice 6368-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, show more ...
Red Hat Security Advisory 2023-5148-01 - Red Hat Integration Camel for Spring Boot 3.20.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass and denial of service vulnerabilities.
Debian Linux Security Advisory 5497-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
Ubuntu Security Notice 6367-1 - It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2023-5147-01 - A security update for Camel for Spring Boot 3.18.3.2 is now available. Issues addressed include bypass and denial of service vulnerabilities.
Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Ubuntu Security Notice 6364-1 - It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6366-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.
Red Hat Security Advisory 2023-5143-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5146-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Issues addressed include a denial of service vulnerability.
islamnt CMS version 2.1.0 suffers from an add administrator vulnerability.
islamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issues where LokiStack authorization is cached too broadly.
Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-5142-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6365-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
Red Hat Security Advisory 2023-5144-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
ImgHosting version 1.3 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2023-5145-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Issues addressed include a denial of service vulnerability.
The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. "
Employee offboarding is no one’s favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That’s easier said than done, especially considering that IT organizations have less visibility and control over employees’ IT use than ever. Today, employees can easily adopt new cloud and SaaS applications whenever and wherever they want, and the old IT
A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious
Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865. Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...) All this and much much more is discussed in the latest edition of the "Smashing show more ...
CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. Read more in my article on the Tripwire State of Security blog.
Uh-oh, yet another UK police force has suffered a serious data breach. After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat.
Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! Getting high-quality, actionable pentesting reports doesn’t have to take hours. In fact, automating your processes with PlexTrac enables building a report in as little as five minutes! show more ...
It seems modern cars are gobbling up all kinds of data about their drivers including - astonishingly - details of their sex lives.
Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States
