The rapid development of AI systems, and the attempts to introduce them ubiquitously, are a source of both optimism and concern. AI can help humans in many different areas — as the cybersecurity industry knows firsthand. We at Kaspersky have been using machine learning (ML) for almost 20 years, and know for a fact show more ...
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped show more ...
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
CISA flags use-after-free bug now being exploited in the wild.
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
The company released NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, on GitHub.
Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
Cisco's $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the cyber-front.
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
Financial services organizations migrating applications to the cloud need to think about cloud governance, applying appropriate policies and oversight, and compliance and regulatory requirements.
Despite the breach, Volex's operations remain largely unaffected, and the financial impact is expected to be minimal. The details of the breach, including the method of attack and any ransom demands, remain undisclosed.
An audio clip of UK opposition leader Keir Starmer verbally abusing his staff, which gained significant traction on social media, has been debunked as AI-generated by private-sector and government analysis.
Collaboration and information-sharing among North Korean APTs have increased during the COVID-19 pandemic, leading to a more organized and coordinated state-sponsored structure, researchers from Mandiant revealed in a report.
Threat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks ever seen, according to several tech infrastructure giants.
McLaren Health Care is facing three proposed federal class action lawsuits after a Russian ransomware-as-a-service group stole the personal information of 2.5 million patients, alleging negligence in protecting patient privacy.
A new card skimming campaign discovered by Akamai utilizes 404 error pages on online retailers' websites to hide malicious code and steal customers' credit card information. The stolen data is exfiltrated via seemingly benign image requests, thus evading network monitoring tools. One effective mitigation show more ...
The two actively exploited flaws include information disclosure in Microsoft WordPad and privilege escalation in Skype for Business. Microsoft has also fixed flaws in Microsoft Message Queuing, Layer 2 Tunneling Protocol, and Windows IIS Server.
The Joint Cyber Defense Collaborative published a series of recommendations on Tuesday for operational technology vendors and critical infrastructure facilities to promote the secure use of open-source software.
Organizations are advised to check all their software for the presence of the CVE-2023-4863 vulnerability in the libwebp image rendering library and apply patches accordingly.
Google is making passkeys the default login setting for users, aiming to replace passwords and enhance security. Passkeys reduce the risk of phishing attacks and offer a more secure alternative to traditional passwords.
Security researchers exposed a cyberespionage operation named Stayin Alive, which targets the telecommunications sector and government entities in Kazakhstan, Uzbekistan, Pakistan, and Vietnam. The campaign employs spear-phishing emails and DLL side-loading to deliver archive files to the victims’ systems. It is recommended to refrain from attending to unsolicited emails/messages.
Adobe has released patches for multiple security vulnerabilities, including critical flaws in Adobe Commerce and Photoshop that could lead to code execution and privilege escalation.
FortiGuard Labs found that the IZ1H9 Mirai-based DDoS botnet campaign has strengthened its arsenal with 13 exploits for D-Link devices, Netis wireless routers, TOTOLINK routers, Zyxel devices, and others. As the botnet expands its arsenal with new exploit triggers, it underscores the importance of applying security patches on time.
The "Five Families" of hacktivist gangs, including ThreatSec, GhostSec, Stormous, Blackforums, and SiegedSec, are collaborating to launch large-scale cyberattacks, causing disruptions and chaos.
The letter from the lawmakers follows a recent fine of 345 million euros (~$366 million) imposed on TikTok by the Irish Data Protection Commissioner for failing to adequately protect children's privacy.
A recent survey conducted by Enea reveals that 76% of cybersecurity professionals believe that malicious AI, capable of bypassing most cybersecurity measures, is a looming threat.
Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow for sandbox escape and arbitrary code execution.
Symantec found a previously unidentified threat actor named Grayling conducting advanced persistent attacks targeting organizations in Taiwan, the Pacific Islands, Vietnam, and the U.S., with a focus on intelligence gathering. Grayling's modus operandi seems to revolve around exploiting public infrastructures for show more ...
The lawsuit alleged that Crunchyroll had disclosed subscribers' personal information to third parties without proper consent. Initially denying the allegations, Crunchyroll ultimately chose to settle to avoid expenses and uncertainties.
The vulnerability, CVE-2023-22515, allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers. Organizations using Confluence applications should upgrade to the latest versions and isolate them.
Automation and AI are being used by cybercriminals to enhance the speed and effectiveness of attacks, particularly in areas like money laundering and credential stuffing.
The victims include Hughes Gill Cochrane Tinetti, Saltire Energy, Centek Industries, NachtExpress Austria, WCM Europe, Starr Finley, and an unknown firm. These attacks are part of a wider scheme by the threat actor, targeting major firms globally.
Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.
Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual show more ...
Smart School version 6.4.1 suffers from multiple remote SQL injection vulnerabilities.
Debian Linux Security Advisory 5522-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Ubuntu Security Notice 6429-1 - Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. show more ...
Ubuntu Security Notice 6428-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service.
Red Hat Security Advisory 2023-5628-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5622-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory leak, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5621-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5616-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5615-01 - The libssh2 packages provide a library that implements the SSH2 protocol.
Red Hat Security Advisory 2023-5610-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5607-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-5604-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5598-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Red Hat Security Advisory 2023-5597-01 - The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5591-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-5589-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5588-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5587-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and show more ...
Red Hat Security Advisory 2023-5580-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5575-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users to
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password
Facebook's official UK account was compromised on Friday evening by a cricket lover, who was seemingly just as surprised as the rest of us...
Graham Cluley Security News is sponsored this week by the folks at WALLIX. Thanks to the great team there for their support! In the rapidly evolving landscape of Industry 4.0, marked by rapid innovation and unparalleled connectivity, safeguarding your critical assets is non-negotiable. As industries like show more ...
Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack
How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives
