The renowned American multinational fast-food chain, Subway, finds itself in an alleged cyber catastrophe. The LockBit ransomware gang has asserted responsibility for the Subway data breach, targeting the internal database, and leading to the compromise of sensitive information, including employee salaries, franchise show more ...
In a recent update on the notorious LockBit ransomware group’s dark web portal, the threat actor proudly announced the addition of three new victims to their list of compromised entities. The victims identified in this latest LockBit ransomware attack are TV Jahn Rheine in Germany, Home Waremmien in Belgium, and show more ...
Finnish IT services and enterprise cloud hosting provider Tietoevry has fallen victim to a ransomware attack, impacting cloud hosting customers in one of its data centers in Sweden. The Tietoevry cyberattack occurred during the night of Jan 19-20, affecting services for customers in Sweden. While overall Tietoevry show more ...
Monobank, Ukraine’s largest mobile-only bank, faced a barrage of denial of service (DDoS) attacks on January 21, crippling its operations and causing widespread disruption. Co-founder and CEO Oleh Horokhovskyi took to Telegram to confirm the Monobank cyberattack, revealing that the bank was targeted with a show more ...
The BianLian ransomware group has claimed three new victims, adding them to their dark web portal. The targeted organizations include North Star Tax and Accounting, KC Pharmaceuticals, and Martinaire, all based in the United States. However, details regarding the extent of the BianLian ransomware attack, data show more ...
Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048.
Thousands of vulnerable servers may be open to cyberattacks exploiting the max-severity CVE-2023-46604 bug.
Based on fresh infection routines the APT is testing, it's looking to harvest threat intelligence in order to improve operational security and stealth.
A new Omdia survey shows a rapid increase in generative AI adoption for security
Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools.
The company, Modern Solutions, had misconfigured a cloud database, but argues the contractor could only have found the password through insider knowledge.
Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.
The agreement to enable future sharing of information and experience is part of a spate of inter-country threat intelligence agreements that Israel is signing, as war-related attacks ramp up.
Researchers have found strong links between the 3AM ransomware and the Conti syndicate through analysis of their infrastructure, communication channels, and attack tactics.
Two tech advocacy groups are urging the FTC to investigate Google for allegedly failing to delete sensitive location data as promised, potentially violating privacy and putting individuals at risk.
A critical vulnerability in Apache ActiveMQ (CVE-2023-46604) is being actively exploited by threat actors to deploy various malicious payloads, including ransomware and DDoS botnets.
The FTC has settled with a data broker, InMarket Media, for improperly collecting and selling consumers' location data without informed consent, signaling increased scrutiny of data brokers.
There are differing opinions on whether the CSRB should be granted subpoena powers, with concerns about potential conflicts of interest and adversarial relationships with the private sector.
The Money Message ransomware gang claimed responsibility for stealing 600GB of data from Anna Jaques Hospital, highlighting the ongoing threat to healthcare institutions.
A security researcher in Germany was fined €3,000 ($3,300) for uncovering and reporting a serious e-commerce database vulnerability. The vulnerability exposed almost 700,000 customer records due to a plaintext password stored in the software.
Finnish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, affecting a data center in Sweden and causing outages for multiple customers, including Filmstaden, Rusta, Moelven, and Grangnården.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Environmental Protection Agency (EPA) and the FBI, has issued a warning about increased cyberthreats targeting water and wastewater systems.
The incident is suspected to be linked to the outsourcing of IT and HR services to Civica through the East Kent Services partnership, raising concerns about the potential impact on data and services.
The agency's Joint Cyber Defense Collaborative gathers information to alert potential ransomware victims early on. CISA also assisted a Fortune 500 company and a mass transit operator in preventing significant ransomware attacks.
Subway's internal system, containing hundreds of gigabytes of data, has allegedly been compromised by the ransomware group. The group has given Subway a deadline to protect the stolen data, and it is currently unknown what ransom they have demanded.
The 'Standard' fingerprinting protection mode in Brave Browser will be enhanced to provide strong privacy protection while maintaining better compatibility with websites.
The French regulator found that Yahoo had deposited at least 20 advertising cookies without obtaining proper consent, affecting more than 5 million consumers over 21 months.
The hacking forum facilitated the exchange of illicit data and access devices, leading to the arrest of Pompompurin and the closure of RaidForums in a law enforcement operation.
A series of denial of service (DDoS) attacks hit Monobank, Ukraine's largest mobile-only bank, with the CEO confirming a staggering 580 million service requests during one attack.
The Parrot TDS consists of landing scripts and payload scripts, with the former profiling the victim's web browser and the latter directing the browser to malicious content.
The renowned denim brand DENHAM the Jeanmaker confirmed that it fell victim to a cyberattack by the Akira ransomware group, with the incident being discovered on December 27, 2023.
The Zloader static configuration is now encrypted using RC4 with a hardcoded alphanumeric key, and the network encryption employs 1,024-bit RSA with RC4 and the Zeus "visual encryption" algorithms.
Cybercriminals, including one known as Naraka, are targeting Thai e-commerce, fintech, and government bodies to obtain PII for fraudulent activities. The frequency of attacks has this year, with 14 significant data breaches reported in January alone.
This Metasploit module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e.
This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network show more ...
Gentoo Linux Security Advisory 202401-26 - Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.1.3 are affected.
Ubuntu Security Notice 6587-2 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An show more ...
Ubuntu Security Notice 6591-1 - Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility.
EzServer version 6.4.017 remote denial of service exploit.
xbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities.
Golden FTP Server version 2.02b remote denial of service exploit.
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.
TrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.
ProSysInfo TFTP Server TFTPDWIN version 0.4.2 remote denial of service exploit.
Red Hat Security Advisory 2024-0310-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-0273-03 - Red Hat OpenShift Virtualization release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-0271-03 - There is a moderate update for the the Logging Subsystem 5.8.2. Red Hat OpenShift security update.
Red Hat OpenShift security update. Issues addressed include a file disclosure vulnerability.
Red Hat Security Advisory 2024-0204-03 - Red Hat OpenShift Container Platform release 4.14.9 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0198-03 - Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-0193-03 - An update is now available for Red Hat OpenShift Container Platform 4.13.
In an exclusive statement to The Cyber Express team, DENHAM the Jeanmaker, the renowned denim brand founded in Amsterdam in 2008, confirmed falling victim to a cyberattack. The denim giant disclosed that the DENHAM cyberattack was first discovered on December 27, 2023. Subsequently, The Cyber Express (TCE) reported show more ...
The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes. "InMarket will also be prohibited from
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said. "Notably, despite the binary's unknown file
We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. The data includes findings for network
Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed
US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. Tietoevry is show more ...
Source: www.bleepingcomputer.com – Author: Lawrence Abrams A widespread Facebook phishing campaign stating, “I can’t believe he is gone. I’m gonna miss him so much,” leads unsuspecting users to a website that steals your Facebook credentials. This phishing attack is ongoing and widely show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas Brave Software has announced plans to deprecate the ‘Strict’ fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. Fingerprinting protection in Brave Browser is a feature show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. According to the original report by Heise, the show more ...
Source: securityboulevard.com – Author: Marc Handelman Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the show more ...
Source: securityboulevard.com – Author: Chris Pierson The importance of data privacy continues to grow exponentially. We recognize this critical need and are excited to kick off Data Privacy Week, a dedicated time to focus on the ways we can protect our personal information online. This week is not just about show more ...
Source: securityboulevard.com – Author: Lohrmann on Cybersecurity The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights. January 21, 2024 • Dan Lohrmann Adobe Stock/immimagery How can we show more ...
Source: securityboulevard.com – Author: girishwallarm In today’s complex digital landscape, the security of APIs has become paramount. As we move into 2024, it’s essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on “API ThreatStats™ Report: 2023 show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web Resecurity researchers warn of massive leak of stolen Thai personally identifiable information (PII) on the dark web by cybercriminals. Resecurity has detected a noticeable show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Backdoored pirated applications targets Apple macOS users Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini LockBit ransomware gang claims the attack on the sandwich chain Subway The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food show more ...
Source: www.govinfosecurity.com – Author: 1 Endpoint Detection & Response (EDR) , Endpoint Security , Managed Detection & Response (MDR) Presented by Palo Alto Networks 60 minutes In an era where cyber threats like Ransomware are evolving at unprecedented speed, scale and sophistication, show more ...
Source: www.infosecurity-magazine.com – Author: 1 A leading US security agency has issued an emergency directive requiring all of the government’s civilian federal agencies to mitigate two zero-days under active exploitation. Emergency Directive 24-01 was issued on Friday in response to “widespread and show more ...
Source: www.infosecurity-magazine.com – Author: 1 Russian state hackers managed to compromise the email accounts of some of Microsoft’s senior leadership team, using basic brute-force techniques, the tech giant has admitted. Microsoft revealed on Friday that the “Midnight Blizzard” group (aka Nobelium, show more ...
Source: thehackernews.com – Author: . The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from show more ...
Source: thehackernews.com – Author: . Jan 22, 2024NewsroomVulnerability / Malware Cybersecurity researchers are warning of a “notable increase” in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. “The show more ...
