Despite all the changes that have occurred in the field of information security over recent decades, passwords still remain one of the most important elements of data protection. And when we talk about passwords, password policies become the center of our attention. In this post, we explain the mistakes to avoid when creating a password policy, so as to provide an acceptable degree of security without unnecessarily frustrating users with over-the-top policies that make no sense.

What's a password policy?

A password policy is a set of rules designed to motivate users to use strong passwords and handle them properly. A password policy can be a recommendation or a requirement. Nowadays the latter is more common: administrators of online services and corporate IT infrastructure set rules for password usage in the settings of the software deployed. Password policy rules can be diverse, covering:

- Password length: the minimum and maximum number of characters in the password.
- Allowed characters: upper/lowercase letters, numbers, special characters, emojis, and other characters the password must include; or, on the contrary, must not include.
- Prohibited combinations: for example, sequences of characters that match the company's or the user's name.
- Specific bans: for example, passwords must not start with a 1, contain a straight sequence of numerals (12345678), or match some easily guessable pattern (date, phone number, license plate number), and so on.
- Password denylists: tables of exceptions that satisfy the general policy requirements but are considered unsafe for another reason; for example, leaked passwords known to have been exposed.
- Password expiration interval: the period after which the user must set a new password.
- Password reuse ban: a password cannot be changed to one previously used for the same account.
- Ban on user-requested password changes: to combat account hijacking by stopping an attacker from changing a password.
- Password storage method: in particular, a company-wide ban on sticky notes with passwords written on them, or a recommendation to use a password manager.
- Administrative measures: if some password policy rules cannot be enforced in the software settings, administrative measures can be applied to compel users to follow them.
Of course, this list is neither exhaustive nor mandatory for all situations. There is no single universal approach (and there can't be one), because a password policy is always a balance between security and user convenience. The right balance needs to be struck in each individual case. Now let's see what requirements a password policy should and should not impose. We'll examine some policy rules that are at best misguided — and at times downright silly.

Examples of bad password policies

Overly specific password policies can lead to unexpected consequences. For example, the website of a well-known software developer lets you register with a single-letter email address (for example, k@companyname.com), but then you can't use that letter in the password. This is because the administrators ruled that the password must not contain the username from the email address!

Registering with a one-letter email address results in a ban on this letter in the password.

A fairly common mistake is to limit the maximum password length. For example, at a tech conference, they did this:

One of the worst mistakes is to impose a maximum password length. Don't do it!

This is probably the most harmful – and also pointless – rule you can set in a password policy: password length is a cornerstone of security. The mistake can be compounded further by specifying just one permitted password length, plus a bunch of other wrong-headed rules that put user accounts in danger. Here's an example from another major software developer:

Perhaps the most absurd password policy there is: a bunch of weird restrictions, many of which actually harm security.

To make users' lives even more confusing, you can provide password rules as a vague paragraph-long description in tiny print. And don't forget to set a maximum password length of six (yes, 6) characters: cybercriminals will be lining up to thank you. That's exactly what one of North America's biggest banks did:

Bizarre restrictions with an unclear description are a great way to get up the user's nose.

In some cases, if a user-created password fails to meet the requirements of the password policy, no explanation is given about which rule was violated. Apparently, it's more fun to let the user guess! Best practice from a major international grocery chain:

The user has to guess what rule(s) they violated!

The right way to handle passwords

Let's finish with a few tips on how to handle user passwords to ensure an acceptable level of security without too much inconvenience.

- Never limit the maximum password length! And if for some reason you need to do so, at least inform users about it. One of the worst practices is to lead users to believe they can create a password of any length, only for it to be shortened without their knowledge.
- Always set a minimum password length. Better still, get users to create only long passwords, which means eight characters at the very least. Ideally, set the lower limit to something substantial: 12 characters or even 16.
- Never prohibit the use of any character subsets. If users want to use some exotic squiggles, let them.
- Don't impose too many conditions. Instead, encourage longer combinations of characters — this is by far the most effective way to make a password really secure.
- Provide feedback on passwords during account registration. Users need to understand why their symbol combination fails to meet your password policy.
- Don't send passwords in plaintext over an unsecured communication channel (that means email) if you generate them for users on your end. In general, it's better to let users generate their own passwords.
- And never, ever store their passwords on your side. Rather, you should use hashes, preferably salted ones — check out our extensive post on this very topic.
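As an added illustration of these tips (example code written for this post, not code from the original article), here is a registration-time check that applies them: a 12-character minimum and no maximum, no banned character set, a leaked-password denylist, a username check that does not ban a single letter for a one-letter login, feedback naming the rule that failed, and salted hashing for storage. The denylist entries and the PBKDF2 iteration count are constructed assumptions for the demo.

```python
"""Password policy check following the tips above (added example).

Constructed assumptions: the LEAKED_PASSWORDS sample entries and the
PBKDF2 iteration count; a real deployment loads a leaked-password corpus.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 12  # the post's recommended lower limit; deliberately no upper limit

# Constructed sample denylist standing in for a leaked-password corpus.
LEAKED_PASSWORDS = {"password1234", "qwertyuiop12", "letmein12345"}


def check_password(password: str, username: str = "") -> list[str]:
    """Return human-readable rule violations; an empty list means accepted.

    Length is counted in Unicode characters after NFC normalization, so any
    'exotic squiggles' are allowed and measured consistently. There is no
    maximum length and no banned character class, as the post advises.
    """
    pw = unicodedata.normalize("NFC", password)
    problems: list[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"Password must be at least {MIN_LENGTH} characters (got {len(pw)}).")
    if pw.lower() in LEAKED_PASSWORDS:
        problems.append("This password appears in a list of leaked passwords; choose another.")
    # Only reject the username when it is long enough to matter, so a one-letter
    # login such as k@companyname.com does not ban that letter from the password.
    if len(username) >= 4 and username.lower() in pw.lower():
        problems.append("Password must not contain your username.")
    return problems


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Store (salt, digest) instead of the password: salted PBKDF2-HMAC-SHA256.

    The iteration count is an assumption for this demo; tune it to your hardware.
    """
    salt = salt or os.urandom(16)
    pw = unicodedata.normalize("NFC", password).encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, 600_000)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)
```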
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
The passwordless technology is becoming popular because Apple, Google, and Microsoft have a solution for accounts recovery, but enterprises are slow-walking their passkey adoption plans.
The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach involving Hex IP addresses.
The luxury hotel group Edwardian Hotels London has reportedly been targeted by the Black Basta ransomware group. Cybersecurity researchers have shared screenshots of the claims made by the hackers.
ShellBot is capable of launching DDoS attacks and deploying cryptocurrency miners, highlighting the importance of strong passwords and regular password changes to resist dictionary attacks.
DarkGate is a commodity loader that has been increasingly used in initial entry attacks, offering various malicious capabilities such as keylogging, browser information theft, and privilege escalation.
There were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst year on record with a whole quarter left to go, according to the Identity Theft Resource Center (ITRC).
The FBI and the CISA recommend implementing application control mechanisms, limiting remote desktop services, and following best practices such as updating software and using strong passwords to defend against AvosLocker ransomware attacks.
Progress Software has received a subpoena from the SEC and faces multiple class action lawsuits and claims for indemnification due to the MOVEit vulnerability, resulting in significant costs.
After nearly a week of intense speculation regarding the security issues in cURL, the latest version of this command-line transfer tool has been released with a fix. Vulnerable systems could allow potential attacks via a malicious HTTPS server redirect. Organizations are urged to promptly update and secure systems using cURL or libcurl.
The Reichsadler Cybercrime Group attempted to deploy ransomware on unpatched WS_FTP servers using a stolen LockBit 3.0 builder. The attackers used the GodPotato tool to escalate privileges on the servers.
Apple has released iOS and iPadOS updates to fix a local privilege escalation kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks, potentially by commercial spyware vendors.
Void Rabisu employs various tactics, such as signing malware with bought certificates, using malicious advertisements, and exploiting vulnerabilities, including zero-day vulnerabilities.
A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. The vulnerability has been assigned CVE-2023-45603.
The State Department has undergone a significant cybersecurity overhaul, prioritizing a zero-trust security architecture and implementing key performance indicators and guidance from various federal agencies.
The Vietnamese government is suspected of being behind a targeted campaign using social media to spread links containing commercial spyware, with potential targets including members of the U.S. Congress and European officials.
Cybersecurity has become a top concern for small and medium enterprises (SMEs) and nearly half (48%) of SMEs have experienced at least one cyber incident in the past year, according to a survey from Sage.
Six high-severity vulnerabilities, including five that can be exploited remotely, have been addressed by the patches, which could potentially lead to denial of service (DoS) attacks.
Through its Ransomware Vulnerability Warning Pilot (RVWP) program, the CISA has released two new resources to help identify and fix vulnerabilities exploited by ransomware groups.
Conveyor, a startup using large language models (LLMs) like OpenAI's ChatGPT, has raised $12.5 million in funding led by Cervin Ventures to automate the security review response process for companies.
The website bug allowed unauthorized access to land deed records by guessing sequential application numbers, highlighting the lack of robust security measures on the website.
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loopback interface as the documentation suggests. The second vulnerability (CVE-2023-43654) allows attackers with access to the management interface to register MAR model files from arbitrary servers. The third vulnerability is that when a MAR file is loaded, it can contain a YAML configuration file that, when deserialized by snakeyaml, can lead to loading an arbitrary Java class.
Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to log in to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to log in as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly, a pickled Python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.
Debian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Debian Linux Security Advisory 5526-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6430-1 - It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash.
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross-platform package.
WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.
Red Hat Security Advisory 2023-5693-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes.
Red Hat Security Advisory 2023-5691-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively. This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also
Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware. But have they chosen the best way to protect developers' accounts? Read more in my article on the Hot for Security blog.