Apple's App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there's no danger at all: what could possibly be wrong with an app that's been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon. All the same, malware creators do occasionally sneak under the App Store's radar. This post examines three fraudulent apps we've found in the official Apple store, and what precautions you can take to avoid a financial hit.

Scam apps in the App Store

The three we've found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, plunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character's mood and the state of their wallet.

Image caption: Scam apps we've found in the App Store

When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions. If the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What's more, you can start investing supposedly with small amounts — from $110 — and expect your first profit in just a few days; access to the platform is, of course, free.

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers' aim here is to get you to invest a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment. The culmination is a form asking for your first name, surname, and phone number so that an investment platform specialist can be in touch. Once the contact information is sent, the phishers promise to call you shortly. And they're true to their word.

According to user reviews in the App Store, during the phone call with the specialist, the hapless user is persuaded to invest a certain amount in a highly dubious financial project. The outcome isn't hard to predict: the fantastic payback never materializes, and the victim's investment disappears.

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store. But how did they even get there in the first place? We can't give a definite answer, of course — only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content, since they were designed to download the phishing questionnaire from the internet as a regular HTML page. Then, after the apps had been approved and placed in Apple's official store, the scammers modified the uploaded content.

How to stay safe

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device's system and also from user data. Because of this, there's no way to create a classic antivirus for iOS: it simply won't have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don't have time to respond quickly to user complaints. Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.

Image caption: Here's how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world — the only question is when. So, as you can see, iOS needs protection just as much as Android.
Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
The vulnerability is a result of insufficient validation of attributes in the GDOI and G-IKEv2 protocols, making it possible for an attacker to compromise a key server or modify the configuration of a group member.
Warburg Pincus, the lead investor in this funding round, sees Nord Security's business model and strategy as well-aligned with the cybersecurity sector, positioning the company for further momentum in the complex market environment.
A Chinese state-sponsored APT called BlackTech has been found breaking into network routers to remain undetected and stealthily move across a variety of organizations. BlackTech actors often focus on branch routers (typically smaller appliances used at remote branch offices) and take advantage of the trusted connections between a victim and other entities to expand their access to the targeted networks.
The company identified eight flaws that could be exploited remotely, with two of them (CVE-2023-40044 and CVE-2023-42657) rated as critical due to the risk of pre-authenticated remote command execution attacks.
Ads are now being inserted into Bing Chat conversations, which poses a risk for users searching for software downloads. Malicious actors can trick users into visiting malicious sites and installing malware.
The center will focus on leveraging foreign intelligence insights, developing best practices, and creating risk frameworks to protect against digital attacks and prevent the theft of innovative AI capabilities.
The Budworm APT group continues to actively develop its toolset, as evidenced by its recent use of an updated version of its SysUpdate backdoor to target organizations in the Middle East and Asia.
Asia-Pacific is the second-most targeted region for malicious bot requests against financial services, with global hubs Singapore, Australia, and Japan the region's top three most targeted, accounting for the bulk of web application and API attacks.
Cybercriminals are using Dropbox to launch phishing attacks. They create a free Dropbox account, share a document with someone, and the recipient receives a legitimate-looking email from Dropbox with a link.
The researcher's role in investigating the scam led to a grand jury subpoena, highlighting the potential legal risks faced by ethical hackers and defenders involved in similar work.
The phishing attacks are highly convincing, using personalized messages and a meticulously crafted phishing page that mimics the Booking.com interface, leading victims to unknowingly provide their credit card or bank information.
The incident highlights the growing trend of private health data breach lawsuits and the increasing role of the Federal Trade Commission in enforcing health privacy laws.
As part of this trend, which was observed in July 2023, the FBI notes in a new private industry notification, threat actors deploy two ransomware variants in close date proximity to one another.
By synthesizing data from various security sources and utilizing natural language commands, Nexusflow aims to revolutionize cybersecurity operations by seamlessly interpreting human instructions and providing insights.
“The impact of this vulnerability is severe, as it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely,” Cyfirma notes in an analysis of the bug and its exploitation.
The World Baseball Softball Confederation (WBSC) left a data repository exposed, including sensitive files such as copies of 4,600 national passports, putting individuals at risk of identity theft and other fraudulent activities.
The industry argues that KYC could cost billions of dollars in administrative costs and raise privacy concerns, while sophisticated hackers would easily work around these requirements.
The Budworm APT group is evolving its cyber arsenal. Budworm’s signature technique consists of executing SysUpdate on victims' networks by sideloading the DLL payload using the authentic INISafeWebSSO application - a tactic it has employed since at least 2018. Organizations should proactively update and patch their systems to counter known vulnerabilities exploited by tools like SysUpdate.
The attack caused delays at airports and affected several Russian air carriers, including Aeroflot. The Ukrainian hacktivist group IT Army claimed responsibility for the attack.
While the financial consequences for Progress have been minimal so far, potential litigation and class-action lawsuits related to the vulnerability could still have an impact in the future.
The payment, intended for a new police headquarters building, was made to a scammer who posed as the legitimate contractor, Moss Construction. The incident underscores the need for increased cybersecurity measures against business email compromise.
Government-issued devices face heightened security risks during a federal shutdown, as furloughed employees are typically restricted from using them, leaving networks and devices vulnerable.
The attack involved the deployment of a sophisticated backdoor called LightlessCan, which mimics native Windows commands and implements techniques to avoid detection by security monitoring software.
This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource.
Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Gentoo Linux Security Advisory 202309-14 - Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. Versions greater than or equal to 3.7.1 are affected.
Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.
Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.
Gentoo Linux Security Advisory 202309-11 - Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.1.0 are affected.
Gentoo Linux Security Advisory 202309-10 - A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code. Versions greater than or equal to 3.4.0 are affected.
Gentoo Linux Security Advisory 202309-9 - Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. Versions greater than or equal to 2.0.5_rc2 are affected.
Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.
Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first
Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my article on the Hot for Security blog.
Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire State of Security blog.