When I was growing up, I never gave much thought to the communications between my parents and my teachers. Typically, there was a back-to-school night; if ever I did something wrong, the communication was made in a phone call from the teacher or principal; and there were letters/results that needed to be signed by my show more ...
Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
Despite a cyberattack on Auckland University of Technology, the university has been able to continue normal operations with minimal disruption. The Monti ransomware gang claimed responsibility for the attack and demanded an undisclosed ransom.
Subsea cables are a critical component of the global internet infrastructure, and protecting them from accidental damage, natural phenomena, physical attacks, and cyberattacks is crucial.
The adoption of passkeys by GitHub, Microsoft, and Google, among other technology giants, demonstrates a growing trend toward using passkeys for secure authentication across platforms.
Apple recently addressed three zero-day vulnerabilities that were used as part of an iPhone exploit chain in an attempt to deliver spyware called Predator to former Egyptian member of parliament Ahmed Eltantawy.
In the first half of 2023, small businesses were the most targeted victims of LockBit and BlackCat, while large enterprises were the primary targets of Clop ransomware attacks.
The stolen data, believed to be from an authorized retailer called Connectivity Source, includes employee IDs, login information, Social Security numbers, and service account details.
ESET revealed details on two cyberespionage campaigns conducted by the OilRig APT group against Israeli organizations, using spear-phishing emails. The Outer Space campaign utilized the Solar backdoor and the SC5k downloader, while the Juicy Mix campaign featured the Mango backdoor and additional browser-data dumpers show more ...
Check Point researchers have uncovered a new variant of the BBTok banking trojan, which focuses its attacks on users of more than 40 banks in Latin America, with a primary focus on Brazil and Mexico. The attack strategies differ between Windows 7 and Windows 10 systems. Banking organizations and individuals in the region are advised to stay cautious.
The data breach was caused by the Clop ransomware gang, who exploited a zero-day security flaw in the MOVEit Transfer platform and began extorting organizations that were targeted.
These designs aim to mitigate risks caused by accidental misuse of cryptography, ensuring cryptographic security is maintained even in the event of significant human error.
The backdoor does not have traditional commands implemented; instead, it dynamically receives commands from a command and control server in the form of additional modules.
The Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code.
Cato Networks has secured a $238 million equity investment to enhance its SASE platform by integrating CASB and DLP capabilities, catering to the needs of large enterprises.
A recent report by Palo Alto Networks Unit42 researchers reveals that a stealthy APT group known as Gelsemium likely targeted a Southeast Asian government between 2022 and 2023.
The security incident highlights the time-consuming process of analyzing stolen data and notifying affected individuals, emphasizing the need for improved cybersecurity measures.
The Known Exploited Vulnerabilities (KEV) Catalog maintained by the US cybersecurity agency CISA has led to significant improvements in federal agencies’ patching efforts, with more than 1,000 vulnerabilities now included in the list.
The Xenomorph malware family, known for its advanced capabilities and distribution campaigns, has resurfaced with new overlays targeting institutions and crypto wallets in the United States and Portugal.
The budgets allocated for the security of industrial control systems (ICS) and operational technology (OT) have decreased in 2023 compared to the previous year, with over 21% of organizations reporting not having a cybersecurity budget at all.
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin.
Security researchers have identified a highly advanced modular backdoor, named Deadglyph, believed to be linked to the Stealth Falcon cyber espionage group. It was discovered during an investigation into a cyberespionage incident in the Middle East. Organizations are advised to leverage the IOCs associated with the malware to protect endpoints or networks vulnerable to attacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the NFL conducted a cybersecurity tabletop exercise to assess and improve response capabilities for potential cyber-attacks during Super Bowl LVIII.
The threat actor behind this campaign is the TA866 group, known for targeting Tatar language speakers. The attackers use phishing emails with a malicious RAR file that contains a video file and a Python-based executable disguised as an image file.
Large companies with over $100 million in revenues have been particularly targeted, experiencing a rise in both the frequency and severity of cyber incidents. Funds transfer fraud has also become a prevalent issue.
"The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers said in a report published last week.
New York state attorney general has reached an agreement with Marymount Manhattan College (MMC) following a data breach in 2021. The college will invest $3.5 million into cybersecurity to address the deficiencies exposed during the ransomware attack.
The acquisition will offer WatchGuard's partners and customers access to cutting-edge security solutions, improved XDR insights, and simplified compliance with regulatory and cyber-insurance requirements.
The council has restored its computer systems but anticipates delays in addressing complaints, and is taking extra precautions by notifying individuals who may have been affected by the data leak.
CISOs and cybersecurity practitioners should focus on addressing the challenges of data structure, management, and curation to fully leverage the benefits of AI for cyber defense.
Scammers have started creating videos implying leaked sensitive photos of celebrities and urging viewers to download the Temu app and enter their referral number to view the content. These scams have been targeting multiple celebrities.
Containment and remediation after an insider incident are the most expensive areas, with an average cost of $179,209 and $125,221 per incident respectively, and the average time to contain an incident has increased to 86 days.
Google's limited disclosure and the separate CVE designations for the vulnerability by Apple, Google, and Citizen Lab have hindered the detection and patching of the critical vulnerability in other software relying on libwebp.
The incident follows a recent trend of cryptocurrency hacks, with North Korean hackers being suspected in multiple attacks, highlighting the growing threat posed by cybercriminals targeting the industry.
Kosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty to wire fraud and money laundering through business email compromise (BEC) schemes, resulting in millions of dollars in losses.
RoyalTSX version 6.0.1 suffers from an RTSZ file handling heap memory corruption vulnerability. The application receives SIGABRT after the RAPortCheck.createNWConnection() function is handling the SecureGatewayHost object in the RoyalTSXNativeUI. When the hostname has an array of around 1600 bytes and the Test Connection is clicked the application crashes instantly.
OPNsense versions 23.1.11_1, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation.
Debian Linux Security Advisory 5504-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. show more ...
Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.
Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.
Ubuntu Security Notice 6190-2 - USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this show more ...
Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
Whitepaper called Cybersecurity in Industry 4.0 and Smart Manufacturing: The Rise of Security in the Age of IoT, IIoT, ICS, and SCADA. This article examines Industry 4.0's relationship with the rapidly developing technologies Internet of Things (IoT), Industrial Internet of Things (IIoT), Industrial Control show more ...
Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.
LogoBee CMS version 0.2 suffers from a cross site scripting vulnerability.
Lamano LMS version 0.1 suffers from an ignored default credential vulnerability.
Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.
Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.
Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi and infrastructure," Palo Alto
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI
Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That’s because bad actors already have access to billions of stolen credentials that can be used to compromise additional accounts by
Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers Callum Roxan, Paul
Graham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for their support! AI and cybersecurity are colliding now more than ever. The positive power of AI is apparent with increased efficiency, cost savings, and more. Unfortunately, the same is true when those show more ...
Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy. Read more in my article on the Hot for Security blog.
