Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

At issue is the Zoom Personal Meeting ID (PMI), which is a permanent identification number linked to your Zoom account and serves as your personal meeting room, available around the clock. The PMI forms part of each new meeting URL created by that account, such as:

zoom.us/j/5551112222

Zoom has an option to include an encrypted passcode within a meeting invite link, which simplifies the process for attendees by eliminating the need to enter the passcode manually. Following the previous example, such a link might look something like this:

zoom.us/j/5551112222/pwd=jdjsklskldklsdksdklsdkll

Using your PMI to set up new meetings is convenient, but of course convenience often comes at the expense of security. Because the PMI remains the same for all meetings, anyone with your PMI link can join any ongoing meeting unless you have locked the meeting or activated Zoom’s Waiting Room feature.

Including an encrypted passcode in the Zoom link definitely makes it easier for attendees to join, but it might open your meetings to unwanted intruders if not handled responsibly, particularly if that Zoom link is somehow indexed by Google or some other search engine, which happens to be the case for thousands of organizations. Armed with one of these links, an attacker can create meetings and invite others using the identity of the authorized employee.

Many companies using Zoom have made it easy to find recently created meeting links that include encrypted passcodes, because they have dedicated subdomains at Zoom.us. Using the same method, KrebsOnSecurity also found working Zoom meeting links for The National Football League (NFL), LinkedIn, Oracle, Humana, Disney, Warner Bros, and Uber. And that was from just a few minutes of searching. To illustrate the persistence of some of these Zoom links, Archive.org says several of the links were first created as far back as 2020 and 2021.

KrebsOnSecurity received a tip about the Zoom exposures from Charan Akiri, a researcher and security engineer at Reddit. In April 2023, this site featured research by Akiri showing that many public Salesforce websites were leaking private data, including banks and healthcare organizations (Akiri said Salesforce also had these open Zoom meeting links before he notified them). The Zoom links that exposed working meeting rooms all had enabled the highlighted option.

Akiri said the misuse of PMI links, particularly those with passcodes embedded, can give unauthorized individuals access to meetings. “These one-click links, which are not subject to expiration or password requirement, can be exploited by attackers for impersonation,” Akiri said. “Attackers exploiting these vulnerabilities can impersonate companies, initiating meetings unknowingly to users. They can contact other employees or customers while posing as the company, gaining unauthorized access to confidential information, potentially for financial gain, recruitment, or fraudulent advertising campaigns.”

Akiri said he built a simple program to crawl the web for working Zoom meeting links from different organizations, and so far it has identified thousands of organizations with these perfectly functional zombie Zoom links. According to Akiri, here are several tips for using Zoom links more safely:

Don’t Use Personal Meeting ID or Public Meetings: Your Personal Meeting ID (PMI) is the default meeting that launches when you start an ad hoc meeting. Your PMI doesn’t change unless you change it yourself, which makes it very useful if people need a way to reach you. But for public meetings, you should always schedule new meetings with randomly generated meeting IDs. That way, only invited attendees will know how to join your meeting. You can also turn off your PMI when starting an instant meeting in your profile settings.

Require a Passcode to Join: You can take meeting security even further by requiring a passcode to join your meetings. This feature can be applied both to your Personal Meeting ID, so only those with the passcode will be able to reach you, and to newly scheduled meetings. To learn all the ways to add a passcode for your meetings, see this support article.

Only Allow Registered or Domain Verified Users: Zoom can also give you peace of mind by letting you know exactly who will be attending your meeting. When scheduling a meeting, you can require attendees to register with their email, name, and custom questions. You can even customize your registration page with a banner and logo. By default, Zoom also restricts participants to those who are logged into Zoom, and you can even restrict it to Zoom users whose email address uses a certain domain.

Update 12:33 p.m.: The list of affected organizations was updated, because several companies listed apparently only exposed links that let anyone connect to existing, always-on meeting rooms — not initiate and completely control a Zoom meeting. The real danger with the zombie links described above is that anyone can find and use them to create new meetings and invite others.
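One practical defensive use of the link format described above is an inventory check: feed the text of your own public web pages, wikis and document shares through a scanner that picks out Zoom join links and flags the ones carrying an embedded passcode, so they can be rotated or replaced with scheduled, randomly generated meeting IDs. The code below is an added example written for this page; it is not Akiri's crawler nor any KrebsOnSecurity or Zoom code. It assumes Zoom join links have the shape host/j/<meeting id> with the passcode in a ?pwd= query parameter (it also tolerates the /pwd= spelling shown in the article), that meeting IDs are 9 to 11 digits, and the sample input is constructed. Note that a link alone does not reveal whether it also lets a stranger start and control the room, as the update to the article points out; the scanner only surfaces candidates for review.

```python
import re

# Constructed sample of crawled page text (the links are not real); this is the
# kind of input a crawl of your own public sites or document shares would produce.
SAMPLE_TEXT = """
Join the all-hands here: https://acme.zoom.us/j/5551112222?pwd=jdjsklskldklsdksdklsdkll
Weekly sync (passcode sent separately): https://zoom.us/j/5559998888
Old format seen in some pages: zoom.us/j/5551112222/pwd=jdjsklskldklsdksdklsdkll
Unrelated: https://example.com/j/5551112222?pwd=nope
"""

# Assumed link shape: optional scheme, optional vanity subdomain (e.g. acme.zoom.us),
# /j/<9-11 digit meeting id>, then optionally ?pwd=<token> (standard) or /pwd=<token>
# (as written in the article above). The lookbehind stops "notzoom.us" from matching.
ZOOM_LINK_RE = re.compile(
    r"(?<![\w.-])(?:https?://)?((?:[a-z0-9-]+\.)?zoom\.us)/j/(\d{9,11})"
    r"(?:[/?]pwd=([A-Za-z0-9._-]+))?",
    re.IGNORECASE,
)


def find_zoom_links(text):
    """Return one finding per distinct (host, meeting id, passcode) seen in text."""
    findings = []
    seen = set()
    for m in ZOOM_LINK_RE.finditer(text):
        host, meeting_id, pwd = m.group(1).lower(), m.group(2), m.group(3)
        key = (host, meeting_id, pwd)
        if key in seen:
            continue
        seen.add(key)
        findings.append({
            "url": m.group(0),
            "host": host,
            "meeting_id": meeting_id,
            # Vanity subdomains are what made the links easy to find via search engines.
            "vanity_subdomain": host != "zoom.us",
            # An embedded passcode turns the link into a one-click entry to the room.
            "embedded_passcode": pwd is not None,
        })
    return findings


def summarize(findings):
    """Counts a security team can track over time for an exposure inventory."""
    return {
        "links": len(findings),
        "with_embedded_passcode": sum(f["embedded_passcode"] for f in findings),
        "on_vanity_subdomain": sum(f["vanity_subdomain"] for f in findings),
    }


def report(text):
    """Human-readable triage: embedded passcode -> REVIEW, otherwise INFO."""
    lines = []
    for f in find_zoom_links(text):
        level = "REVIEW" if f["embedded_passcode"] else "INFO"
        lines.append(f"{level:6} {f['host']} meeting {f['meeting_id']} <- {f['url']}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_TEXT):
        print(line)
    print(summarize(find_zoom_links(SAMPLE_TEXT)))
```

Run it over a crawl of your own properties (or the exported text of a document store) and treat every REVIEW line as a link to retire: regenerate the PMI or stop using it for shared links, enable the Waiting Room, and replace the link with a scheduled meeting that uses a random ID. The example.com line in the sample is deliberately left unmatched to show that the host check, not just the path shape, drives the match.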
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
Post-quantum cryptography (PQC) offers a solution by providing algorithms that are resistant to both classical and quantum computer attacks, ensuring the security of data in a quantum computing era.
Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.
The BunnyLoader malware incorporates anti-sandbox and antivirus evasion techniques and has been continuously developed since September 2023, with updates addressing critical flaws.
Contrary to the popular notion that ransomware hackers are sophisticated launderers of their stolen money, research shows they use straightforward mechanisms to transfer their bitcoin - allowing researchers to follow their money trail.
The LostTrust encryptor disables various Windows services and appends the ".losttrustencoded" extension to encrypted files, with ransom demands ranging from $100,000 to millions.
AI and advanced analytics are being employed by 72% of financial crime professionals to enhance compliance procedures, but challenges such as data quality and legacy systems persist, according to LexisNexis Risk Solutions.
Efforts are underway to restore access to data and distribute paychecks, with some school districts providing emergency loans and food assistance to affected staff members.
Recent weeks have witnessed a significant increase in cyberattacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns, according to DomainTools researchers who shared their findings in an advisory last week.
The Russian firm Operation Zero unveiled this increased payout on X (formerly Twitter) last week, aiming to attract top-tier researchers and developer teams to collaborate with their platform.
Norway is urging the European Data Protection Board (EDPB) to ban Meta (formerly Facebook) from harvesting user data for advertising purposes permanently and extend the ban across Europe.
The UK's data protection regulator issued an advisory notice to all public authorities in the wake of a hugely damaging leak at the Police Service of Northern Ireland (PSNI) last month.
Progress Software released fixes for eight vulnerabilities in WS_FTP, including one with a maximum severity score, but evidence of exploitation was discovered shortly after.
LUCR-3 is a financially motivated attacker that targets Fortune 2000 companies, using compromised credentials and leveraging SaaS applications to steal Intellectual Property for extortion.
As AI technology evolves rapidly, organizations need to stay vigilant, monitor the AI landscape, and adapt their cybersecurity programs to effectively defend against new threats posed by cybercriminals.
According to reports, the official website of the UK’s royal family was taken offline by a DDoS attack on Sunday. The Royal.uk site was unavailable for around 90 minutes, starting at 10 am local time, according to The Independent.
Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation-state-backed APTs like Volt Typhoon and Sandworm.
In-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced.
According to research from IANS and Artico Search, security budgets as a share of IT budgets are increasing, indicating a moderate impact on security spending compared to overall IT spending.
The Android banking Trojan Zanubis has taken on a new guise, posing as the official app for the Peruvian governmental organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria).
Threat actors are selling a new crypter and loader called ASMCrypt, which is an evolved version of the DoubleFinger loader. It allows them to build payloads for their campaigns by establishing contact with a backend service over the TOR network.
ETSI has taken immediate action, involving France's cybersecurity agency, ANSSI, to investigate and fix the vulnerability that led to the attack and has strengthened its IT security procedures.
The FBI warned about a new scam called the "Phantom Hacker" scam, which is specifically targeting senior citizens. It involves imposters posing as tech support, financial institutions, and government representatives to gain the trust of victims.
The publicly accessible AWS S3 buckets contained personal data, invoices, and internal documents, potentially disrupting trade and operations of India's ports and leading to significant ransom demands.
Cloudflare has been found to have vulnerabilities in its Firewall and DDoS prevention system. Hackers can exploit these flaws by creating a free Cloudflare account and knowing the IP address of a targeted web server.
Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the transmitter.
Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super Administrator.
Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password change.
Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system access.
Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.
The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.
Gentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.
Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.
Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, an MQTT compatible message broker, which may be abused for a denial of service attack.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
Gentoo Linux Security Advisory 202309-16 - Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.10 are affected.
Debian Linux Security Advisory 5510-1 - Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD, and every FreeBSD process can access its stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first is auto_prepend_file, which causes the provided file to be added using the require function. The second is allow_url_include, which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK that, when set to true, will steal the necessary tokens from a user authenticated to the J-Web application in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Debian Linux Security Advisory 5508-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM is the OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more," Zscaler ThreatLabz researchers Niraj Shivtarkar and
An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is through impersonating legitimate Peruvian Android applications and then tricking the user into enabling the Accessibility permissions in order to take full control of the device," Kaspersky said in an
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality,
A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language. Prominent victims include online businesses and