Our researchers have discovered a new version of malware from the Ducktail family. Cybercriminals are using it to target company employees who either hold fairly senior positions or work in HR, digital marketing, or social-media marketing. Their ultimate goal is to hijack Facebook Business accounts, so it makes sense show more ...
IBM joins Crowdstrike and Microsoft is releasing AI models to cloud-native SIEM platforms.
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
Stay away from using these tactics when trying to educate employees about risk.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
Stay away from using these tactics when trying to educate employees about risk.
IBM joins Crowdstrike and Microsoft is releasing AI models to cloud-native SIEM platforms.
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
CISA has added a critical pre-auth command injection vulnerability in Sophos Web Appliance to its Known Exploited Vulnerabilities catalog, which was patched by the company in April 2023.
Threat actors targeting small- and medium-sized businesses are increasingly using legitimate tools like remote monitoring and management software to evade detection and gain unauthorized access to networks.
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD's ACSC have released a joint advisory in response to LockBit 3.0 ransomware affiliates exploiting a vulnerability in Citrix's NetScaler web application control.
The breach, which occurred on May 28, 2023, compromised the data of 184,995 individuals. The company took three months to determine the extent of the breach and notify affected customers.
Customers, investors, and suppliers are increasingly seeking proof of security and compliance, and companies that cannot provide evidence may miss out on revenue and growth opportunities.
Researchers from Unit 42 have discovered two separate campaigns, named Contagious Interview and Wagemole, targeting job seekers. These campaigns are linked to state-sponsored threat actors associated with North Korea.
Retailers are preparing for a surge in cyber threats during the Thanksgiving holiday and Black Friday weekend. Phishing attacks are a major concern, with threat groups using social engineering to bypass security measures.
The attack on Kronos Research involved unauthorized access to the company's API keys, highlighting the importance of robust security measures in protecting against modern API attacks.
With a significant increase in interest expected, organizations must quickly bridge the gap between generative AI tool usage and security by implementing measures such as zero-trust architecture and thorough security risk assessments.
The vulnerability, known as "Looney Tunables" and tracked as CVE-2023-4911, allows attackers to gain root privileges on major Linux distributions. It affects popular platforms like Fedora, Ubuntu, and Debian.
Attackers are exploiting CAPTCHA-based attacks by using CloudFlare's CAPTCHAs and randomized domain names to mask credential-harvesting forms on fake websites, making it difficult for automated security systems to identify them.
Researchers from Blackwing Intelligence and Microsoft's MORSE have discovered a way to bypass fingerprint authentication on three popular laptops with Windows Hello, namely the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X.
The US Secret Service and various reporting portals tied the criminals' laundering efforts to multiple wallet addresses. The seized proceeds were returned in the stablecoin Tether.
A proof-of-concept exploit has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks and execute malicious code.
Dream Security has raised $35 million in a financing round led by existing investors Aleph and Dovi France's Group 11. It offers a range of products that assess and predict cyber threats, react in real-time, and create customized protective measures.
The UK's National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
While the effectiveness of this feature is yet to be verified by security researchers or Google, the existence of similar claims by another malware suggests that there may be an exploitable vulnerability in session cookies.
According to experts, companies are increasingly prioritizing system backups and restoration capabilities to avoid paying ransoms during cyber incidents. Companies must also report cyber incidents and notify affected individuals.
The CVE-2023-4966 vulnerability has been actively exploited by threat actors since late August, allowing them to hijack authenticated sessions and bypass strong authentication measures.
Ransomware gangs are employing various tactics to force victims to pay, including DDoS attacks and regulatory complaints, while some ransomware operators are introducing new rules to ensure larger ransom amounts and increased payout likelihood.
A ransomware attack on the Industrial and Commercial Bank of China caused failed trading rates in the U.S. Treasury market to soar to $60 billion, highlighting the potential impact of cyberattacks on financial systems.
The cyber strategy focuses on enhancing the Navy's cyber enterprise, collaborating with allies, securing critical infrastructure and weapon systems, and improving and supporting the cyber workforce, among other areas.
Korean IT company TmaxSoft has experienced a major data leak, exposing over 50 million sensitive records. The leak, which has been ongoing for two years, was discovered by Cybernews researchers.
A recent report by Synopsys reveals that there has been a decrease in vulnerabilities found in target applications, indicating that code reviews, automated testing, and continuous integration are helping to reduce programming errors.
The malware campaign known as ClearFake is now targeting Mac users by distributing fake browser updates that infect their systems with the Atomic Stealer, also known as AMOS.
The ICO is cracking down on websites that coerce visitors into accepting advertising cookies, citing concerns about targeted ads based on personal information and potential privacy violations.
Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and show more ...
Ubuntu Security Notice 6505-1 - It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service.
Ubuntu Security Notice 6504-1 - It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox.
Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained show more ...
Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered show more ...
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.
Ubuntu Security Notice 6501-1 - It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the show more ...
Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered show more ...
Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver show more ...
Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not show more ...
Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua show more ...
Ubuntu Security Notice 6499-1 - It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.
Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-7436-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2023-7434-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7431-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7428-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7423-01 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7419-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7417-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis. Atomic
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,
AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.
