Our annual analysis of the most notorious malware has arrived. As always, it covers the trends, malware groups, and tips for how to protect yourself and your organization. This post covers highlights of our analysis, including the rise of ransomware as a service (RaaS), the six nastiest malware groups, and the role of artificial intelligence in both cybersecurity and cyberthreats.

Malware shifts to RaaS

To say cybercriminals have come a long way since their humble beginnings—when floppy disks were used to spread malware infections—is an understatement. Their tactics have evolved significantly over the years, with ransomware now the malware of choice for cybercriminals. The allure of ransomware is not surprising given the combination of financial gains and potential for anonymity. Never satisfied in their quest to scale operations and increase revenue potential, criminal actors have shifted their focus to a relatively new “business model” that is proving very successful—ransomware-as-a-service (RaaS). By removing the technical barriers for prospective affiliates, RaaS makes it easy for big players to grow their “enterprise.”

Who made this year’s malware list?

Topping this year’s nastiest malware is Cl0p. This ransomware group made a name for itself with the MOVEit campaign, which drove up the average ransom payment to nearly three-quarters of a million dollars. To date, this campaign is known to have impacted more than 1,150 organizations and over 60 million individuals, putting its global cost at close to $11 billion. Also on the list are four new ransomware gangs—Black Cat, Akira, Royal, and Black Basta—believed to be the next generations of previous big players. They join a familiar name on the list, Lockbit. We ranked these six malware groups accordingly:

Cl0p, a RaaS platform, became famous following a series of cyberattacks that exploited a zero-day vulnerability in the MOVEit file transfer software developed by Progress Software.

Black Cat, believed to be the successor to the REvil ransomware group, built its RaaS platform on the Rust programming language. Black Cat made headlines for taking down MGM Casino Resorts.

Akira, presumed to be a descendant of Conti, primarily targets small- to medium-sized businesses. Most notably, Akira ransomware targeted Cisco virtual private network (VPN) products to breach corporate networks, steal data, and encrypt it.

Royal, suspected heir to Ryuk, uses whitehat penetration testing tools to move laterally in an environment and gain control of the entire network. A unique partial encryption approach allows the threat actor to choose a specific percentage of data in a file to encrypt.

Lockbit 3.0, a mainstay on the list and last year’s winner, continues to wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive than its predecessors.

Black Basta, one of the most active RaaS threat actors, is considered to be yet another descendant of the Conti ransomware group. It has gained a reputation for targeting all types of industries.

An intelligent future: artificial intelligence and machine learning

For six years, the OpenText Cybersecurity threat intelligence team has witnessed a steady increase in the number and sophistication of malware attacks—which show no signs of slowing down. Threat actors are creative and resourceful in their attempts to trick users and exploit software and computer vulnerabilities. And while the use of artificial intelligence (AI) and machine learning (ML) in cybersecurity is still in its early stages, it is rapidly evolving. This is good and bad news. AI and ML have the potential to make the world a safer place, but they could also be used for malicious purposes. Rather than taking a wait-and-see approach, businesses of every size must take steps to protect themselves and mitigate the risks.

For a more detailed analysis of the 2023 malware landscape and tips from OpenText Cybersecurity threat experts on how to protect against ransomware attacks, visit: Ask your question | Webroot Community

The post Uncover the nastiest malware of 2023 appeared first on Webroot Blog.
The latest episode of the Transatlantic Cable kicks off with news that Okta has suffered a data breach from unknown attackers. The attackers were able to get hold of sensitive HAR files. The 1Password breach was also related, but 1Password is stressing that sensitive user info was not affected. From there the team look at a story around Microsoft's AI tool integration into Teams, and Google's update to Chrome, which means better privacy and security for all users. If you liked what you heard, please consider subscribing.

Okta suffers a security breach — hackers gain access to sensitive customer data
1Password discloses security incident linked to Okta breach
Microsoft's new AI assistant can go to meetings for you
Google Chrome may be getting a new privacy feature
A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
New research by Riskonnect highlights a significant gap in AI risk management, with only 17% of risk and compliance leaders formally training their organizations on the risks of generative AI.
Citrix is urging its customers to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway due to reports of targeted attacks and session hijacking. The company released patches to address a critical vulnerability, CVE-2023-4966.
The wiretap is believed to have lasted up to 6 months, allowing the attacker to execute actions on compromised accounts without the need for passwords, potentially altering messages and accessing unencrypted data.
Ransomware activity reached an all-time high in September, with 514 attacks recorded. The previous record was in March 2023, but this new surge was led by different threat groups. LockBit 3.0, LostTrust, and BlackCat were the top attackers.
The round was led by SYN Ventures, with participation from First In Ventures, Washington Harbour Partners, and BankTech Ventures. This brings Adlumin's total funding to $83 million and solidifies its position in the security operations and MDR space.
Censys aims to offer customers insights into the historical and real-time status of their data, enabling them to identify how long their data has been vulnerable and what changes have made it exploitable.
ASVEL has reported the incident to the national data protection authority and law enforcement authorities, while also assessing the potential impact on third parties, including fans who made purchases on the club's official website.
Although humans currently outperform AI in terms of click rates and detection, the advancing sophistication of AI suggests it may eventually surpass human capabilities in the phishing industry.
Passkeys are digital credentials that can only be used by authorized users and require biometric or unique factor authentication. Tech giants like Apple, Google, and Microsoft have embraced passkeys in their products.
Researchers also targeted other devices such as smartphones, printers, smart speakers, and surveillance cameras, demonstrating the wide range of potential targets for hackers.
Additional resources and funding, along with harmonized authorities and improved coordination, are necessary to enhance the cybersecurity measures of federal executive agencies.
The Akira ransomware gang breached BHI Energy's network through a stolen VPN credential and stole a significant amount of data, including the personal information of employees.
The updated plan will involve collaboration with industry stakeholders, government agencies, and critical infrastructure organizations, recognizing the private sector's role as the first responder to many cyber incidents.
MNEMO Mexico's expertise in advanced cyber defense, generative AI-powered cyber intelligence, and a 24/7 security operations center will enhance Accenture's capabilities in helping organizations build cyber-resilient businesses.
With the investment from Sixth Street Growth, Keyfactor aims to continue its trajectory of hypergrowth, leveraging their experience, financial prowess, and strategic network to empower the company in the next chapter of its development.
Criminals are hijacking business accounts on Facebook and running their own advertising campaigns, causing financial damage and reputational harm to legitimate account holders.
The escalating reliance on information operations by these groups aims to influence the global perception of the conflict, with strategic campaigns designed to manipulate social media platforms and influence media outlets.
The White House aims to establish a global norm against paying ransoms to cybercriminals and may seek a UN process or an international partnership to achieve this objective.
The TSA directives require operators to test their cybersecurity incident response plans annually, submit updated cybersecurity assessment plans, and report on the effectiveness of their efforts.
Russian state organizations and industrial sectors have been targeted with a custom Go-based backdoor. The backdoor, distributed through phishing emails, steals data, including passwords from popular web browsers and the Thunderbird email client.
VMware has released security updates to address a critical vulnerability in their vCenter Server software. The flaw, known as CVE-2023-34048, allows for remote code execution and is of critical severity (CVSS score: 9.8).
The breach was caused by a vulnerability in Fiserv's MOVEit managed file transfer application. Fiserv has patched the vulnerability, and the bank is monitoring for unusual activity.
The threat actor attempts to disguise their origin by hosting infrastructure in Azerbaijan and using the Azerbaijani language in their operations, despite not being fluent in Azerbaijani.
The breach, which occurred on August 7, 2023, was discovered a day later and the cybercriminals were removed from CoinFlip's systems with the assistance of their IT team.
Smokeloader malware is a highly complex tool that can perform various malicious functions, such as stealing credentials and executing DDoS attacks, with prices ranging from $400 to $1,650 depending on the package.
The vulnerability, assigned CVE-2023-5631, allowed attackers to execute arbitrary JavaScript code in the context of a Roundcube user's browser window through a specially crafted email.
The two exposed environment files contained sensitive information such as database credentials, SMTP server login details, and payment processing information, according to Cybernews researchers.
Ransomware groups are likely to leverage AI-enabled tools, such as chatbots and voice cloning, to enhance their social engineering tactics and technical skills, posing a greater threat to public and private organizations.
This breach raises concerns about the security and privacy of Airbnb's user base, as the stolen data can be used for malicious purposes such as identity theft and phishing.
Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6362-2 - USN-6362-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6438-2 - USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.
Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.
Ubuntu Security Notice 6288-2 - USN-6288-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.43 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6084-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5895-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to
In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.), provides a juicy target for
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds
Helen Mort is an award-winning poet and author. She's also an unwitting victim of deepfake pornography. She didn't know until someone directed her towards sexually-explicit deepfake images on a porn site. Images which had her own face edited onto another woman's body.