At the international Security Analyst Summit conference, our Kaspersky Global Research and Analysis Team (GReAT) experts presented some extremely exciting research. We won't repeat each piece in detail; instead, here is a brief outline of the most interesting facts.

StripedFly spyware platform

Almost a detective story about malware that was previously detected as a regular Monero cryptocurrency miner but in fact was a cover for a complex modular threat capable of infecting computers running both Windows and Linux. Various StripedFly modules can steal information from a computer, take screenshots, record audio from a microphone, and intercept Wi-Fi passwords. It is useful not only for spying: it also has modules that can function as ransomware and as a cryptocurrency miner. What is interesting is that the threat can spread using the EternalBlue exploit, even though that vector was patched back in 2017. In addition, StripedFly can use stolen keys and passwords to infect Linux and Windows systems that run an SSH server. A detailed study with indicators of compromise can be found on the Securelist blog.

Operation Triangulation details

Another Security Analyst Summit report was dedicated to the ongoing research into Operation Triangulation, which, among other things, targeted our employees. A detailed analysis of the threat allowed our experts to identify five vulnerabilities in iOS used by this threat actor. Four of them (CVE-2023-32434, CVE-2023-32435, CVE-2023-38606 and CVE-2023-41990) were zero-day vulnerabilities. They affected not only the iPhone but also the iPod, iPad, macOS, Apple TV and Apple Watch. It also turned out that, in addition to infecting devices via iMessage, the attackers could attack the Safari browser. In this post you can read details on how our experts analyzed this threat.

New Lazarus campaign

The third report by GReAT experts was devoted to new attacks carried out by the Lazarus APT. This group is now targeting software developers (some of whom have been attacked multiple times) and is actively employing supply chain attacks. Through vulnerabilities in legitimate software for encrypting web communications, Lazarus infects the system and deploys a new SIGNBT implant, the main part of which operates in memory only. It serves to profile the victim (collecting network settings, process names and user names) and to launch additional malicious payloads. In particular, it downloads an improved version of the already known LPEClient backdoor, which also runs in memory and in turn launches malware capable of stealing credentials or other data. Technical information about the new tools of the Lazarus APT group, as well as indicators of compromise, can also be found on the Securelist blog.

TetrisPhantom attack

In addition, experts provided details of the TetrisPhantom attack aimed at government agencies in the APAC region. TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations. While investigating this threat, experts identified an entire spying campaign that uses a range of malicious modules to execute commands, collect files and information from compromised computers, and transfer them to other machines, also via secure USB drives. Some details about this campaign can be found in our quarterly report on APT threats.
The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.
When investing in a unified endpoint management solution, prioritize the needs of your network and users ahead of brand names. This Tech Tip focuses on questions to ask.
The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.
The HTTP/2 Rapid Reset vulnerability was exploited in 89 attacks that exceeded 100 million requests per second, with the largest attack reaching 201 million requests per second.
Hackers had unauthorized access to Philadelphia city email accounts for at least three months, potentially compromising health information stored in them. Suspicious activity was initially detected in May but residents were only notified in October.
These apps, associated with malware families such as 'FakeApp,' 'Joker,' and 'HiddenAds,' have been downloaded over 2 million times. The HiddenAds apps push intrusive ads to users while hiding their presence on the infected devices.
A new malware variant dubbed FakeUpdateRU was found targeting site visitors, attempting to trick them into downloading a fake Google Chrome update. The infection impacts WordPress websites as well as other CMS platforms. Google has blocked many domains associated with this malware, but attackers have adapted by linking directly to compromised websites.
While some secure coding practices apply to all PLCs, others are specific to each vendor, making it difficult to find relevant documentation. The project aims to provide this information in an easy-to-digest format.
The Russian APT28 hacking group, also known as 'Strontium' or 'Fancy Bear,' has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
U.S. government agencies and private sector organizations should remain on high alert for cyberattacks targeting critical infrastructure and key sectors in light of escalating global conflicts.
The highest reward of $100,000 went to Chris Anastasio for exploits targeting a TP-Link Omada Gigabit router and a Lexmark CX331adwe printer. Other successful exploits earned hackers rewards ranging from $10,000 to $50,000.
The AI security and trust software firm has raised $25 million in Series A funding, bringing its total funding to $32 million, which will be used for innovation, R&D, and business expansion.
The critical flaw, tracked as CVE-2023-46747, could be exploited by an unauthenticated attacker with network access. The issue is related to the configuration utility component; it is a control plane issue with no data plane exposure.
Nigerian police have shut down a cybercrime recruitment and training center in Abuja, arresting six suspects involved in various cybercrimes including business email compromise and romance scams.
Spotify confirmed the incident and stated that they have fixed the issue, although some affected profiles may still show altered or missing profile pictures due to caching.
DuckTail is a highly elusive form of malicious software that evades detection, collects information about victims, communicates with a Command and Control server through a Telegram Bot, and exfiltrates data through ZIP archives.
A recent survey conducted by Cisco reveals that younger consumers are more proactive in protecting their privacy, with 42% of those aged 18-24 exercising their Data Subject Access Rights.
The Cybersecurity Resilience Quotient (CRQ) metric goes beyond traditional approaches by considering factors such as asset exposure, vulnerability, criticality, architecture defensibility, and business process vulnerabilities.
The in-home hospitality app exposed almost 170,000 user records, including sensitive personal data and partial payment information, due to a passwordless and publicly accessible database.
A key point of contention is the shared responsibility model which is frequently misunderstood. While cloud providers like AWS secure the infrastructure, customers are responsible for safeguarding their sensitive data and other components.
Cloudflare has revealed that it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the recently disclosed HTTP/2 Rapid Reset flaw.
According to Abnormal Security, the majority of security leaders are not adequately prepared to defend against AI-generated email attacks, relying on traditional solutions that lack effectiveness.
Federal civilian agencies have remediated over 7 million Known Exploited Vulnerabilities findings this year, resulting in a 72% decrease in the percentage of vulnerabilities exposed for 45 or more days.
The group compromised a software vendor by exploiting known security flaws in another popular software product. They deployed malware such as SIGNBT and LPEClient to gain control over the victims' systems.
The U.K. NCSC's PDNS for Schools service will be rolled out for free over the next year, and it will provide metrics about network health and support for resolving issues.
StripedFly features Tor-based traffic concealment, automated updating, worm-like spreading capabilities, and an EternalBlue SMBv1 exploit created before the flaw was disclosed.
Genetics testing firm 23andMe is facing multiple class action lawsuits and congressional scrutiny following a credential-stuffing hacking incident that exposed sensitive customer data.
The breach, which occurred from August 12 to September 26, involved the theft of personal information such as names, Social Security numbers, driver's license numbers, medical information, and health insurance policy numbers.
A recent survey by ISACA revealed that the biggest risk associated with generative AI is misinformation and disinformation. This has led to concerns about privacy violations, social engineering, intellectual property loss, and job displacement.
Splunk suffers from an issue where a low-privileged user who holds a role with the edit_user capability assigned to it can escalate their privileges to those of the admin user by sending a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which is meant to prevent exactly this scenario. This exploit abuses the vulnerability to change the admin password, log in with it, and upload a malicious app, achieving remote code execution.
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules that check for file and network activity, process execution, IPC, and much more, using a flexible syntax, and it notifies you when those rules are violated. You can think of Falco as a mix between Snort, OSSEC and strace.
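As an added illustration of that rule syntax (this is an example rules file written for this page, not part of Falco's own rule set), the file below defines one rule for each of the activity classes mentioned above: process execution, file writes and outbound network connections inside containers. The macros mirror the shape of those in Falco's default rules file but are prefixed with demo_ so the file loads stand-alone without colliding with the defaults; the list of shell names and the /etc path are example choices.

```yaml
# Added example rules file (not from Falco's default rule set).

- list: demo_shell_binaries
  items: [bash, sh, dash, zsh, ash, ksh]

# Process execution: execve/execveat seen on the exit side ("<") of the syscall.
- macro: demo_spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

# Anything with a container id is inside a container; host processes report "host".
- macro: demo_container
  condition: container.id != host

# A regular file opened for writing.
- macro: demo_open_write
  condition: >
    evt.type in (open, openat, openat2) and evt.is_open_write=true
    and fd.typechar='f' and fd.num>=0

# An outbound IPv4/IPv6 connect() that is not to loopback.
- macro: demo_outbound
  condition: >
    evt.type=connect and evt.dir=< and (fd.typechar=4 or fd.typechar=6)
    and fd.ip != "0.0.0.0" and fd.net != "127.0.0.0/8"

- rule: Demo Shell Spawned in Container
  desc: An interactive shell binary was executed inside a container
  condition: demo_spawned_process and demo_container and proc.name in (demo_shell_binaries)
  output: >
    Shell in container (user=%user.name container=%container.name
    image=%container.image.repository cmd=%proc.cmdline parent=%proc.pname)
  priority: WARNING
  tags: [container, process]

- rule: Demo Write Below etc in Container
  desc: A process inside a container opened a file under /etc for writing
  condition: demo_open_write and demo_container and fd.name startswith /etc/
  output: >
    Write below /etc in container (user=%user.name file=%fd.name
    cmd=%proc.cmdline container=%container.name)
  priority: ERROR
  tags: [container, filesystem]

- rule: Demo Outbound Connection From Shell in Container
  desc: A shell process inside a container opened an outbound network connection
  condition: demo_outbound and demo_container and proc.name in (demo_shell_binaries)
  output: >
    Shell network connection in container (user=%user.name dest=%fd.rip:%fd.rport
    cmd=%proc.cmdline container=%container.name)
  priority: NOTICE
  tags: [container, network]
```

Load it with `falco -r demo_rules.yaml` (the `-r` option replaces the rules files named in falco.yaml, which is why the file carries its own macros). Each rule is a boolean condition over event fields plus an output template; lists and macros are what keep those conditions readable as they grow.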
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
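To show what "user input reaching unserialize()" means in practice, here is an added example written for this page. It is not phpFox code and not an exploit for it: the handler, the CacheEntry gadget class and the function names are invented to mirror the pattern the advisory describes, and the payload is constructed locally from that same class. The vulnerable handler sits next to a stop-gap (allowed_classes) and a proper fix that never deserializes the parameter at all.

```php
<?php
declare(strict_types=1);

// Added example, not phpFox code: a hypothetical redirect handler that mirrors
// the pattern the advisory describes (request parameter "url" reaching
// unserialize()) next to two hardened variants. Class and function names are
// invented for illustration.

// A minimal gadget: an application class whose destructor has a side effect.
// Real gadget chains are assembled from the application's own classes and
// vendored libraries; the attacker never needs to upload code.
class CacheEntry
{
    public string $file = '';
    public string $body = '';

    public function __destruct()
    {
        // Runs when the object is released, even if no method was ever called.
        // With attacker-chosen properties this is an arbitrary file write.
        if ($this->file !== '') {
            file_put_contents($this->file, $this->body);
        }
    }
}

// Vulnerable shape: the raw parameter is deserialized, so any loadable class
// can be instantiated with attacker-controlled properties.
function redirectTargetVulnerable(string $urlParam): string
{
    $value = unserialize($urlParam);
    return is_string($value) ? $value : '/';
}

// Stop-gap if unserialize() cannot be removed at once: forbid object
// instantiation. Objects become __PHP_Incomplete_Class and no magic method runs.
function redirectTargetNoObjects(string $urlParam): string
{
    $value = @unserialize($urlParam, ['allowed_classes' => false]);
    return is_string($value) ? $value : '/';
}

// Proper fix: a redirect target is a string, so never deserialize it. Accept a
// site-relative path or an allow-listed absolute URL; this also closes the open
// redirect that a redirect endpoint would otherwise have.
function redirectTargetSafe(string $urlParam, array $allowedHosts): string
{
    // Relative path: single leading slash (rejects protocol-relative //host and /\host).
    if (preg_match('#^/(?![/\\\\])\S*$#', $urlParam) === 1) {
        return $urlParam;
    }
    if (filter_var($urlParam, FILTER_VALIDATE_URL) === false) {
        return '/';
    }
    $parts  = parse_url($urlParam);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowedHosts, true)) {
        return '/';
    }
    return $urlParam;
}

// Demonstration with a constructed payload (not an exploit for phpFox itself).
$marker = sys_get_temp_dir() . '/deser_demo_' . getmypid() . '.txt';
$gadget = new CacheEntry();
$gadget->file = $marker;
$gadget->body = "written by a deserialized object\n";
$payload = serialize($gadget);
$gadget->file = '';   // disarm the local instance so only the deserialized copy writes
unset($gadget);

redirectTargetVulnerable($payload);
printf("vulnerable handler: marker file written? %s\n", file_exists($marker) ? 'yes' : 'no');
@unlink($marker);

redirectTargetNoObjects($payload);
printf("allowed_classes=false: marker file written? %s\n", file_exists($marker) ? 'yes' : 'no');

printf("safe('https://evil.example/x') -> %s\n", redirectTargetSafe('https://evil.example/x', ['www.example.com']));
printf("safe('//evil.example/x') -> %s\n", redirectTargetSafe('//evil.example/x', ['www.example.com']));
printf("safe('/user/profile') -> %s\n", redirectTargetSafe('/user/profile', ['www.example.com']));
```

Run it with `php demo.php` (PHP 7.4 or later for the typed properties). The point to take from the vulnerable handler is that it never calls a method on the object and still gets hurt: the destructor fires when the local variable goes out of scope, which is why "sanitizing" the string before unserialize() is not a fix and why allowed_classes or, better, a format that cannot carry objects is.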
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action of the Import module. This issue can be leveraged to execute arbitrary PHP code.
Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6145-01 - Multicluster Engine for Kubernetes 2.2.9 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6143-01 - An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.14.
Red Hat Security Advisory 2023-6105-01 - An update is now available for Red Hat JBoss Core Services. Issues addressed include a denial of service vulnerability.
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP
When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal
Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for
South Korea and the FBI in the United States are warning organisations that they might have inadvertently hired a North Korean spy to work in their IT department.