Since Elon Musk bought Twitter, theres been such a constant stream of changes on the social platform that its been genuinely difficult to keep up — especially for those who dont spend all their free time on Twitter. One significant change that looks likely its here to stay concerns Xs account verification system — show more ...
The latest episode of the Transatlantic Cable kicks off with news that Sony have are the latest victim in the MoveIT vulnerability campaign. From there, the team discuss how NATO, the military alliance, was recently hit by a databreach. To wrap up, the team discuss the data leak at 23andMe, the DNA sequencing company, show more ...
In this Expert Insight, Derek Kernus, the Director of Cybersecurity Operations at DTS talks about the challenges facing small businesses that are under pressure to adopt cybersecurity best practices without breaking their budget. Derek offers suggestions for prioritizing cybersecurity investments - and things to watch show more ...
Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming. language.
Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.
Companies with customers in California need to prepare for a new process for demanding deletion of personal data.
Government security processes are often viewed as tedious and burdensome — but applying the lessons learned from them is imperative for private industry to counter a nation-state threat.
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs.
By working cooperatively, the West and Africa can mobilize to tackle nation-state-backed cyber threats.
A plurality of the targets in the ongoing campaign have been based in the Americas.
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environment.
The company has taken down its systems in an effort to determine the scope of the attack.
According to a Splunk report, nearly half (47%) of global CISOs now report to their CEO, and the vast majority (78%) are backed by a board-level cybersecurity committee, signaling the growing influence of cyber risk management in organizations.
The building materials producer experienced a cybersecurity incident that has caused disruptions in its operations and is expected to continue, leading to a pause in business operations.
The discontinuation of Internet Explorer, which came bundled with VBScript, eliminates a prevalent infection vector used by threat actors to distribute malware on Windows systems.
ZTNA simplifies operational costs by centralizing policy controls and adapting to changing conditions, reducing the need for expensive and challenging-to-maintain traditional network security measures.
The main tool used in the campaign is a backdoor called CurKeep, which collects information about infected machines and allows remote control. The campaign also utilizes other loaders and downloaders, all connected to the same infrastructure.
The Knight ransomware group has openly claimed responsibility for the recent cyberattack on India's National Health Mission. The group shared screenshots of the attack on their dark web site.
This recent phishing campaign targeted various industries, with the finance sector being the primary target, and highlights the importance of employee training to combat phishing attacks.
The reemergence of the hacking group Predatory Sparrow, believed to have links to the Israeli government, highlights the potential role of cyber operations in the ongoing conflict between Israel and Hamas.
Owners of the D-Link DAP-X1860 extender should limit manual network scans, be cautious of sudden disconnections, and consider isolating IoT devices and range extenders from sensitive devices.
The hackers found a way to spam users of the app and claimed their attack left users' phones disconnected from the internet and broken. While the hack caused concern, it is unlikely that it actually damaged users' devices.
The Athena Agent, part of the Mythic C2 framework, is a cross-platform tool with diverse functionalities, making it highly valuable for threat actors seeking to gain control over compromised systems.
The federal government is investing in the infrastructure to improve collaboration and data sharing with the private sector in order to strengthen the nation's digital infrastructure against cyber threats.
ReadyToRun (R2R) stomping is a new method that allows for hidden implanted code in .NET binaries, altering the original intermediate language (IL) code and prioritizing pre-compiled native code for execution.
The malware has various functions, including user creation, content replacement, and plugin control, allowing attackers to remotely control and monetize compromised sites.
According to a survey by Splunk, 9 out of 10 CISOs reported experiencing a major cyberattack in the past year, with almost half stating that their organizations were hit by multiple disruptive cyberattacks.
Organizations using cURL and libcurl are urged to apply the patches in cURL 8.4.0 to mitigate the vulnerability that potentially impacts all software projects relying on libcurl.
Amid the Israeli-Palestinian conflict, cybercriminals from both sides have turned to cyberattacks in the form of distributed DDoS and also targeting bugs in ICS and SCADA systems. Several Israeli and Palestine organizations have left their Modbus, a SCADA communications protocol, exposed. To mitigate these show more ...
As per a recent report by WatchGuard, in Q2 2023, 95% of malware is delivered through encrypted connections, highlighting the importance of inspecting SSL/TLS traffic to detect hidden threats.
The Italian Postal Police and CERT-AgID have recently reported numerous phishing campaigns impersonating popular brands such as Poste Italiane, Intesa Sanpaolo, and Zimbra.
While Air Canada previously stated that the breach only involved limited personal information, the hackers now say they have accessed much more extensive data, amounting to 210GB.
The venture capital firm, led by former Fortune 500 CISOs and security executives, plans to focus on the seed stage to help early-stage companies develop next-generation cyber solutions and find product-market fit faster.
The package contains a malicious install script that executes covertly during installation, downloading an obfuscated batch script that ultimately constructs and executes a PowerShell script.
The three-day operation took place in the Dutch municipality of Apeldoorn, with officers from all 22 EU member states and four “third countries” taking part, alongside representatives from Interpol, the European Labour Authority, and others.
The breach occurred due to a social engineering attack targeting an employee, resulting in the theft of customer data including names, email addresses, billing addresses, and credit card expiration dates.
Debian Linux Security Advisory 5525-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
Debian Linux Security Advisory 5524-1 - Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
Ubuntu Security Notice 6425-2 - USN-6425-1 fixed vulnerabilities in Samba. Due to a build issue on Ubuntu 20.04 LTS, the update introduced regressions in macro handling and possibly other functionality. This update fixes the problem. Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly show more ...
Dawa Pharma version 1.0-2022 suffers from a remote SQL injection vulnerability.
Lost and Found Information System version 1.0 suffers from an insecure direct object reference vulnerability that allows for account takeover.
Ubuntu Security Notice 6429-2 - USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.
Clinic's Patient Management System version 1.0 suffers from a remote shell upload vulnerability.
High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware. Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan. "The simplistic
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545 (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546 (CVSS score: 5.0) - Cookie injection with none file CVE-2023-38545 is the more severe of the
Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site. "Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the list
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report today. While
The threat actors behind ShellBot are leveraging IP addresses transformed into its hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency response Center (ASEC)
ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications. DLP solutions, the go-to solution for similar challenges, are
Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567. The attack leveraged devices that were not onboarded to Microsoft
Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
