Practically no IT conference these days is complete without a discussion of SD-WAN. Supporters of the technology stress its ability to manage all kinds of different things — from global networks to cafe refrigerators. However, it has yet to conquer all hearts and minds. Despite being a decade old, the technology has many engineers still wondering if it's just another marketing ploy. Today, we unpack what SD-WAN is, who needs it and why, plus why the world's leading research agencies predict an imminent mass transition to SD-WAN networks.

What is SD-WAN?

Without going deep into the technical details, SD-WAN (software-defined wide area network) is a solution for building distributed networks that consists of routers and an intelligent management system (an SD-WAN Controller and Orchestrator). Routers are installed directly at the company's regional branches, while the control system is located at some central point such as the data center or head office. Technologically, all SD-WAN components can be spaced at any distance from each other, as long as there's connectivity between them (for example, via internet channels). The management system makes it possible to build secure tunnels among all branches, configure security policies and data transfer through these tunnels, and exercise centralized control over the entire network.

How does SD-WAN differ from VPN?

In traditional networks, each router is an independent decision-making point configured by the network administrator. During data transfer, the router is guided only by its own configuration and the data it receives directly from neighboring routers. This means that the router in one branch has no idea what's going on in other branches, or which communication channel is the best to use. The result is often suboptimal routing, poor-quality packet transmission, and sometimes even data loss. For end users, each router's decisions often translate into connectivity issues, slow-performing applications, or downtime of corporate resources; these are the problems the centralized control system addresses. The SD-WAN controller studies the situation across the entire network in real time and automatically adjusts the router configurations.

With the help of the SD-WAN controller, the optimal route for transmitting the traffic of each individual application can be found. For example, voice and video calls, plus data from CRM systems, can be routed through the fastest and most reliable routes, and non-work-related viewing of TV shows and social media posts through lower-quality routes.

Can SD-WAN increase network security?

Network security is one of SD-WAN's inherent attributes. Many vendors even bill their products as Secure SD-WAN to emphasize the integration of security tools, although this is more of a marketing ploy since the feature set is fairly uniform across the board. An SD-WAN router is itself already a small firewall that can inspect traffic in real time, identify which applications are in use, and apply application-specific security and routing policies. Meanwhile, the SD-WAN Controller maintains the integrity of security policies across the entire network, promptly introduces new rules for data transfer, and provides real-time statistics on downloads and on changes in the quality parameters of communication channels. So, for example, if there are too many of those TV shows and social media posts, the administrator can ban them for all company branches, or just for specific users, in just a few minutes.

Will SD-WAN allow you to leave behind MPLS channels?

The main advantage of centralized controllers is the ability to measure the quality of all communication channels in real time and direct application traffic along the routes with the lowest latency or packet loss. If the quality of a communication channel suddenly deteriorates, the SD-WAN Controller can automatically enable packet duplication or redundant encoding of information in the router to preserve data for business-critical applications. These features potentially allow you to stop leasing MPLS lines and switch to less expensive internet channels, including LTE. In addition, with smart SD-WAN routers, several communication channels can run simultaneously, so instead of an MPLS channel you can use several LTE connections and aggregate their bandwidth.

Will SD-WAN replace network engineers?

To talk of engineers being squeezed out by network automation would be premature, because, if not every router, then at least the SD-WAN controller needs expert oversight. At the same time, the SD-WAN controller will help cut the number of routine operations and simple human errors. In addition, the introduction of SD-WAN will make connecting a new regional office faster and minimize travel expenses. Each SD-WAN router supports automatically connecting to the controller and receiving its configuration (zero-touch provisioning). To configure a device in an SD-WAN network, you just have to connect it to the communication channels in any way, such as by installing a SIM card. All control connections are encrypted, and two-step verification is supported to prevent unauthorized devices from connecting.

How are SD-WAN and SASE related?

Proposed by Gartner in 2019, the concept of SASE (secure access service edge) broadly refers to an integrated approach to secure network connectivity. The SASE framework includes a number of products, one of which is SD-WAN. In the minimal implementation, SASE consists of a next-generation firewall (NGFW), cloud-based firewall-as-a-service (FWaaS) and a secure web gateway (SWG), while SD-WAN represents the transport technology for granular data transfer between these systems. In broader terms, SASE also includes a cloud access security broker (CASB) and zero trust network access (ZTNA) for endpoints, including for remote working.

Should I migrate to SD-WAN today?

There's no universal solution for all corporate networks. Each network is individual in its own way, although many of us like to describe our own as typical. But SD-WAN certainly offers a number of advantages that will be in demand in most modern networks. These are:

- Centralized management of all routers in the network
- Real-time control of channel quality
- Traffic routing as per application requirements
- Flexible load balancing across all communication channels
- Network-wide integrity of security policies
- Automated router configuration

Kaspersky has just announced the release of its new product, Kaspersky SD-WAN. You can learn more about this solution on its official web page.
Tanya Janca of the group We Hack Purple talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development's "tragedy of the commons," as more and more development teams lean on open source code (Security Ledger podcast, Episode 253: DevSecOps Worst Practices).
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
Defenders have been left scrambling after the way patches were released for six flaws in the open source mail server, which is the most popular mail transfer agent on the Internet.
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
Researchers at FortiGuard Labs uncovered nine sets of malicious NPM packages designed to steal sensitive data, including system information, user credentials, and source code. These malicious packages use install scripts to exfiltrate data to webhooks or file-sharing links. These npm packages highlight a significant and often overlooked threat within the open-source ecosystem.
Many organizations, including Fortune 500 firms, have exposed Zoom links that allow unauthorized individuals to initiate video conference meetings, posing a risk of phishing and social engineering attacks.
The flaw, introduced in glibc 2.34, highlights the severity and widespread nature of the vulnerability, emphasizing the need for immediate patching by system administrators.
The vulnerabilities, collectively known as "ShellTorch," have been patched in the latest version of TorchServe (0.8.2), so developers are encouraged to update to ensure their systems are secure.
LightSpy, associated with the Chinese APT41 group, was found to contain a Core implant and 14 plugins for data exfiltration. The Core supports 24 different commands, including self and plugin updates, indicating a sophisticated and versatile threat actor behind it.
"There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation," the semiconductor company said in an advisory.
APT41, previously associated with web application attacks, has shifted its tactics to develop mobile-specific malware, including the DragonEgg and LightSpy surveillance malware, which share similar configuration patterns and runtime structures.
The Madagascar government likely used the Cytrox-developed Predator spyware to conduct political domestic surveillance ahead of the country’s presidential election, according to research by Sekoia.
Menlo Labs discovered a July to August phishing campaign targeting executives in banking, insurance, real estate, and manufacturing, using the complex EvilProxy phishing kit. The campaign highlights the escalating threats that organizations face from threat actors due to the use of sophisticated tools and trusted platforms to hoodwink their targets.
The Cuba ransomware gang claimed responsibility for the attack, with concerns raised about potential connections to the Russian state due to their history of targeting government systems in Ukraine and Montenegro.
There are differing views between the European Parliament and the European Council regarding the level of protections for journalists from spyware, which will be subject to negotiations.
CarePointe, a medical provider in Indiana, is being sued by the state attorney general for allegedly being aware of security risks before a ransomware attack exposed the personal information of 45,000 patients.
Almost two-thirds of executives at publicly traded companies plan to strengthen their cybersecurity programs in response to a new rule by the SEC that requires companies to report material cybersecurity incidents within four business days.
Ransomware attacks can have devastating financial and reputational consequences, with the potential to close down businesses, highlighting the importance of effective remediation and prevention strategies.
The typosquatting attack involved a malicious package called node-hide-console-windows that downloaded a Discord bot, which then planted an open-source rootkit called r77.
This incident highlights a new type of vulnerability, similar to prompt injection, where users can bypass the constraints of the AI model. Microsoft is likely to address this issue in future versions of Bing Chat.
The sale of these credentials puts sensitive information at risk of being misused by cybercriminals. It is unclear how many credentials are being sold or if they are genuine.
NATO is currently investigating claims that data was stolen from its unclassified websites by the hacking group SiegedSec. The group allegedly stole 9 GB of data, including documents from various NATO portals.
A misconfiguration in the Metropolitan Transportation Commission (MTC) systems resulted in the exposure of over 26,000 files, including clients' home addresses and vehicle plate numbers.
The breach was discovered on May 31, 2023, and unauthorized actors were able to access Arietis Health's MOVEit server, potentially acquiring confidential files belonging to patients at NorthStar Anesthesia.
Originally published by the Police Service of Northern Ireland (PSNI) Cyber Crime Centre, the notice urges all local businesses to ensure staff cybersecurity awareness training is updated so employees can spot the threat.
The cyberattack caused disruptions to national and international calling, as well as customers' and retailers' access to top-ups, indicating a potential ransomware attack.
The breach, caused by the Clop ransomware gang, occurred in late June but was only publicly acknowledged by Sony recently, with the company taking immediate action to remediate the vulnerability and launch an investigation.
The Snatch cybercrime group has been using paid Google ads to distribute their malware, posing as trusted software like Adobe Reader, Discord, Microsoft Teams, and Mozilla Thunderbird.
This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability was originally discovered by AssetNote.
Ubuntu Security Notice 6401-1 - It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly execute arbitrary code.
Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.
Gentoo Linux Security Advisory 202310-3 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.37-r7 are affected.
Ubuntu Security Notice 6410-1 - It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution and bypass secure boot protections. It was discovered that a specially crafted file system image could cause an out-of-bounds read. A physically-present attacker could possibly use this to leak sensitive information to the GRUB pager.
Red Hat Security Advisory 2023-5390-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.36. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Ubuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6407-1 - Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service.
Ubuntu Security Notice 6409-1 - It was discovered that the GNU C Library incorrectly handled the GLIBC_TUNABLES environment variable. An attacker could possibly use this issue to perform a privilege escalation attack. It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system was configured in no-aaaa mode. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04.
Ubuntu Security Notice 6408-1 - Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5514-1 - The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.
Debian Linux Security Advisory 5513-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Red Hat Security Advisory 2023-5419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
Ubuntu Security Notice 6406-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader's processing of the GLIBC_TUNABLES
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year. If the name Wing Security (Wing) rings a bell, it is probably because earlier this year,
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what's an instance of a typosquatting campaign. It was downloaded 704
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report. "This allowed the
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On