No one likes passwords. They take ages to enter, are hard to remember, and the need for a number, symbol, uppercase letter, and a couple of hen's teeth only makes creating them all the more difficult. But if you use the same password everywhere, or limit yourself to simple short (read — weak) passwords, sooner or later you'll get hacked. How to combine ease of input, memorability, and hack resistance? An interesting, if unusual, way is to use emojis — yes, those same smileys and other cute icons we love to use in chats and posts.

On today's computers and smartphones, emojis are just as much full-fledged symbols as letters in alphabets and punctuation marks. That's because they're part of the Unicode standard (see here for a full list of standardized emojis), so in theory, they can be used in any text — including in passwords.

Why use emojis in passwords

Since there are a great many emojis in existence, your password can be twice as short. When intruders try to brute-force a password containing letters, numbers, and punctuation marks, there are fewer than a hundred variations for each symbol they need to pick. But there are more than 3600 standardized emojis in Unicode, so adding one to your password forces hackers to go through around 3700 variants per symbol. So, in terms of complexity, a password made up of five different emoticons is equivalent to a regular password of nine characters, while seven emojis is equivalent to a strong password of 13 regular characters.

[Image: Some new emojis in Unicode]

Emojis are easier to memorize. Instead of a meaningless jumble of letters and numbers, you can compose a logical sentence and create an emoji puzzle based on it. For this you can use an emoji translator or a chatbot like ChatGPT.

[Image: An emoji translator or ChatGPT can create an emoji-based puzzle-password on a given topic]

Hackers don't brute-force emojis. Various hacking tools and dictionaries for cracking passwords include combinations of words, numbers, and common substitutions like E1iteP4$$w0rd, but not (yet?) emojis. So when an attacker goes through a leaked password database, your account protected with a 👁️🐝🍁👁️🥫🪰 (I believe I can fly) password is very likely safe.

All this sounds too good to be true. So what are the downsides of emoji passwords? Alas, they're sizeable.
Why not use emojis in passwords?

Not all services accept emoji passwords. We carried out a little account-creation experiment using a password consisting of several standard emojis. It was rejected by both Microsoft/Outlook and Google/Gmail. However, Dropbox and OpenAI happily accepted it, so basically it's a matter of experimentation.

[Image: Not every service will accept an emoji password]

You'll have to test your emoji password immediately to make sure it works. Even if you're able to create an account with it, it may not pass verification when signing in.

Emojis are harder to enter. On smartphones, entering emoji is simplicity itself. On desktop computers, however, it can be a bit more troublesome — though not excessively so (see below for details). In any case, you'll have to find the emojis you need in a long list, making sure to select the right picture from several similar ones. If you work cross-platform, remember to check you can enter these emojis on both your computer and smartphone for all services you use.

Recent emojis give you away. Many smartphone keyboards display frequently used emojis at the top of the list. This information is unlikely to help online hackers, but friends or family may be able to guess or snoop on your password.

[Image: Recent emoji can reveal a lot about you to prying eyes]

How to create a password with emojis

A reasonable compromise would be to add an emoji or two to your password to up its complexity. The rest of the password can then be alphanumeric, and less fancy. Of course, using emojis is no substitute for traditional security tips: using long passwords, a password manager and two-factor authentication (2FA). Speaking of which, our password manager can both store passwords with emojis and generate 2FA codes.

[Image: Emoji password and 2FA code in Kaspersky Password Manager]

How to enter emoji passwords

The input method depends on your device and operating system. Smartphones have a special keyboard section for this, while on computers you can use one of these options:

In Windows 10 or 11, press the Win key + period simultaneously to open the emoji table in any input field. In many layouts, the key combination Win + ; also works.

In macOS, the emoji table is available in any application under Edit -> Emoji & Symbols. To open the table from the keyboard, hold down Command + Control + Spacebar together.

In Ubuntu Linux (version 18 and higher), you can enter emojis by right-clicking in the input field and selecting Insert Emoji from the context menu. To call up the table from the keyboard, just like in Windows, press Win + period at the same time.

Input by character code. Slow and boring as it may be, this is a reliable way to input any Unicode character — not just emojis. First, look up the code of the respective character in the table, then enter it using a special key combination. In Windows, press and hold Alt, then enter the decimal code from the list on the side numeric keypad. For other OSes the process is described in more detail here.

But the easiest way to enter emoji passwords is to save them in Kaspersky Password Manager and insert them into the required input fields automatically.
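
The brute-force arithmetic from the "Why use emojis in passwords" section, extended to the mixed emoji-plus-alphanumeric passwords suggested above, as an added example that is not part of the original article. It assumes 95 regular characters (the article says only "fewer than a hundred"), takes the article's figure of 3700 emojis, and recognizes emojis by approximate code-point ranges rather than the full Unicode emoji property.

```python
import math

# Alphabet sizes from the article: "fewer than a hundred" regular characters
# (assumed here to be the 95 printable ASCII ones) and "around 3700" emojis.
REGULAR_ALPHABET = 95
EMOJI_ALPHABET = 3700

VS16 = 0xFE0F                        # variation selector: invisible, forces emoji style
ZWJ = 0x200D                         # zero-width joiner: glues emojis into one picture
SKIN_TONES = range(0x1F3FB, 0x1F400)
# Approximate emoji blocks (assumption; not the complete Unicode emoji list).
EMOJI_BLOCKS = (range(0x1F000, 0x1FB00), range(0x2600, 0x27C0))


def analyse(password):
    """Count the independent choices in a password and size its search space."""
    emojis = regular = 0
    joined = False  # True right after a ZWJ: the next emoji is part of the same pick
    for cp in map(ord, password):
        if cp == VS16 or cp in SKIN_TONES:
            continue                 # modifier of the previous emoji, not a new choice
        if cp == ZWJ:
            joined = True
            continue
        if any(cp in block for block in EMOJI_BLOCKS):
            if not joined:
                emojis += 1
        else:
            regular += 1             # everything else is counted as a regular character
        joined = False
    per_regular = math.log2(REGULAR_ALPHABET)
    bits = emojis * math.log2(EMOJI_ALPHABET) + regular * per_regular
    return {
        "emojis": emojis,
        "regular": regular,
        "bits": round(bits, 1),
        # Length of an all-regular password with the same search space.
        "equivalent_regular_length": round(bits / per_regular),
        # What a service-side length check may count instead of visible symbols.
        "code_points": len(password),
        "utf8_bytes": len(password.encode("utf-8")),
    }


if __name__ == "__main__":
    # Constructed samples: eye, bee, leaf, eye, can, fly; and a mixed password.
    samples = {
        "six emojis": "\U0001F441\uFE0F\U0001F41D\U0001F341\U0001F441\uFE0F\U0001F96B\U0001FAB0",
        "mixed": "correct\U0001F41Dhorse\U0001F341",
    }
    for name, pw in samples.items():
        print(name, analyse(pw))
```

Six visible emojis can occupy 8 code points and 30 UTF-8 bytes, so a length rule may measure something quite different from what you see on screen.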
Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too.
The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.
The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers.
The vulnerabilities could have allowed attackers to leak credentials and take over user accounts. No Grammarly accounts were compromised, and the company thanked the researchers for reporting the issue.
The attack, confirmed to be a ransomware attack by Chile's CSIRT, involved the Rorschach ransomware variant and utilized DLL sideloading vulnerabilities in legitimate software executables to load the malicious DLL.
The malware overwrites the main index.php file of websites, affecting both WordPress and other CMS platforms. The fake update page looks exactly like the official Google Chrome download page.
ServiceNow has fixed a flaw that allowed unauthenticated attackers to steal sensitive data. The flaw was highlighted by security researcher Aaron Costello, who found that the default configurations of ServiceNow's widgets exposed personal data.
The Rhysida ransomware-as-a-service (RaaS) operation has targeted Brazil's popular PIX payment system since December 2022, using a unique self-deletion mechanism and compatibility with older versions of Windows.
Vacum Stealer is a dangerous malware that can transfer cryptocurrency from users' wallets without requiring any additional confirmation, posing a significant risk to unsuspecting individuals.
A newly emerged ransomware gang, Hunters International, is resorting to morally questionable tactics by leaking patients' pre-operation pictures in order to hasten ransom negotiations.
Seiko Group Corporation (SGC) has confirmed a data breach that occurred in July 2023. The breach resulted in unauthorized access to 60,000 records, including customer data, contact details, employment applicant information, and personnel details.
The updates cover fixes for a range of components including Contacts, WebKit, and kernel, among others, and aim to fix code execution flaws and privilege escalation issues.
The diagnostic service left 7 terabytes of sensitive data vulnerable, including medical diagnostic scans, test results, patient information, and even the names of attending doctors.
The Winter Vivern espionage group targeted European government entities and a think tank using a zero-day vulnerability in Roundcube Webmail, enabling email exfiltration with minimal interaction. The payload used in the campaign worked even on fully patched Roundcube instances. Despite the low sophistication of the group’s toolset, Winter Vivern remains a significant threat to organizations in Europe.
The group gains initial access through social engineering tactics, including impersonating victims and using fake login portals, to target a wide range of industries for extortion.
The attacks primarily target the maritime, shipping, and logistics sectors in the Mediterranean region, with high-value targets being subjected to the deployment of IMAPLoader.
The Cybersecurity Toolkit for Healthcare and Public Health provides valuable resources and guidance to help healthcare organizations enhance their security posture and reduce the risk of cyberattacks.
The newly released SEC cyber incident disclosure rules have raised concerns about whether public companies are prepared to fully define operational risk and disclose material business risk from cyber incidents.
The updates patch multiple flaws, including an insufficient activation-delay bug in Firefox and a use-after-free issue in Chrome, but there is no evidence of these vulnerabilities being exploited in the wild.
This attack bypasses standard side-channel protections implemented by browser vendors and can retrieve data from Safari, as well as other browsers like Firefox, Tor, and Edge on iOS.
The Australian government is introducing standards to address the cybersecurity vulnerabilities of internet-connected solar inverters amid concerns of potential Chinese state-sponsored hacking.
Octo Tempest, a financially motivated threat group known for extensive social engineering campaigns and SIM-swapping techniques, has become a major concern for businesses worldwide. It has been affiliated with ALPHV/BlackCat and began deploying ransomware payloads as well. Given Octo Tempest's relentless evolution and aggressive approach, organizations must be proactive in their defense strategies.
Cisco Talos has disclosed multiple vulnerabilities in popular VPN software, including a critical heap-based buffer overflow vulnerability, posing a significant risk to users' connections and allowing for arbitrary code execution.
The vulnerability arises from an unauthenticated buffer-related flaw in Citrix devices, which can be exploited to gain unrestricted access to the appliances and potentially hijack user accounts.
The Science, Innovation and Technology Committee will oversee the inquiry, alarmed at the proliferation of state and non-state actors using offensive cyber capabilities against UK organizations.
The vulnerability (CVE-2023-43208) is a patch bypass for a critical remote command execution vulnerability (CVE-2023-37679), and all instances of Mirth Connect are susceptible to it.
Online platforms, mobile phone networks, and social media are commonly used by scammers to target victims and initiate APP fraud, emphasizing the importance of collaboration across sectors to fight against fraud.
Ubuntu Security Notice 6454-1 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6446-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfilter subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution. Versions greater than or equal to 6.5.55 are affected.
Gentoo Linux Security Advisory 202310-15 - A vulnerability has been discovered in usbview where certain users can trigger a privilege escalation. Versions greater than or equal to 2.2 are affected.
Gentoo Linux Security Advisory 202310-14 - A vulnerability has been discovered in libinput where an attacker may run malicious code by exploiting a format string vulnerability. Versions greater than or equal to 1.20.1 are affected.
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
Debian Linux Security Advisory 5535-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.
Ubuntu Security Notice 6453-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. Sri discovered that the X.Org X Server incorrectly handled destroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password hashes stored in a system table that is part of a sharding component setup.
Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
Ubuntu Security Notice 6435-2 - USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-6137-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6122-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6120-01 - An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.
BOOTSTRAP24, a hacker conference that is heavy on hands-on participation, will take place February 24, 2024 in Austin, Texas, USA. The prior evening will be a mixer.
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code
A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to
A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and take over accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure
A high profile French basketball team has fallen victim to the NoEscape ransomware-as-a-service group, who claim to have stolen 32 GB of data including sensitive personal information about the club's star players. Read more in my article on the Hot for Security blog.
Ahoy! There's trouble in the South China Seas as Filipino organisations fail to secure their systems, we take a close look at Google IP protection, and we take a look at just how so much genetic profile data leaked out of 23andMe. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
It's all too easy sometimes to imagine that a cyber attack is confined to the digital world, and that - although disruptive - it may not have serious consequences in real life. Maybe the attack which happened last week in New York will make you think differently. Read more in my article on the Hot for Security blog.
A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair. Read more in my article on the Tripwire State of Security blog.