Using cracked games or apps to spread malware is one of cybercriminals oldest tricks. Incredible as it may sound, gullible victims who believe in Robin Hoods and consider downloading cracked software and games from pirating websites to be absolutely safe still exist in 2024. The type of threat itself may be old, but show more ...
The IntelBroker hacker group has claimed responsibility for a potential cyberattack on a popular (undisclosed) mobile banking app boasting over 10 million users. The threat actor, known for their prowess in exploiting vulnerabilities, posted details of the exploit on a hacker forum on Saturday, January 27, 2024. The show more ...
The NoName group claims to have launched a sophisticated cyberattack on multiple high-profile websites in the Netherlands. The targeted organizations listed in the claimed NoName cyberattack include OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB, raising concerns due to show more ...
The pro-Israeli hacktivist group, R00TK1T ISC Cyber Team, has allegedly targeted Malaysian entities, marking their first cyberattack on Aminia. The group claims to have compromised Aminia’s billing and Managed WiFi services portals, hinting at a potential data breach. The attack follows the group’s show more ...
Technica? Europcar? Cybercriminals are increasingly bluffing about ransomware attacks, and the cybersecurity community is helping by spreading their lies.
A monitoring exercise identified user details in 716 compromised RIPE NCC accounts, plus other valuable credentials belonging to those victims.
The initiative has named the first eight companies approved to cyber-secure the Dubai government.
County services have come to a halt and are not expected to resume until next week; no threat actor has yet been identified.
Both China-backed APTs and ordinary cyberattackers have seized on a pair of Ivanti VPN bugs for global exploitation.
JCI's latest SEC filing notes that its smart-factory installations weren't compromised, allaying physical security fears.
In today's environments, security can be a revenue enabler, not just a cost center. Organizations should take advantage of the opportunities.
The four security vulnerabilities are found in Docker and beyond, and one affecting runC affects essentially every cloud-native developer worldwide.
The Russians are engaged in widespread influence operations designed to erode trust, increase polarization, and threaten democratic processes around the globe.
The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear.
Privileged access management (PAM) is notoriously difficult to deploy and companies' increasing use of cloud has made it even more complex.
The Mustang Panda group utilized legitimate software and phishing emails to deploy malicious DLLs and backdoors, disguising command-and-control traffic as Microsoft update traffic.
ChatGPT users' private conversations were leaked due to unauthorized logins from a different location, highlighting the need for better security measures such as 2FA and IP tracking.
White Phoenix attempts to recover data through automated restoration methods and may help restore valuable files for ransomware victims, providing a potential option for those affected by certain ransomware strains.
The ransomware appends a random 8-character alphanumeric extension to encrypted files and its DLS, titled “MYDATA,” is considered unstable and frequently offline, indicating the group is still in the process of setting up operations.
The __vsyslog_internal() function in glibc has also been found to contain two more flaws (CVE-2023-6779 and CVE-2023-6780) and a separate bug in the qsort() function, affecting all glibc versions since 1992.
The latest update also addressed four medium-severity flaws, including issues related to regular expression denial-of-service, HTML injection, and disclosure of user's public email address via the tags RSS feed.
Businesses with five to 20 employees were the most impacted, especially those in the industrial sector. The field of commerce reported the fewest cyberattacks, with only 3% of businesses being affected.
The attackers exploit default settings in Teams to send over 1,000 malicious chat invites. Once the attachment is downloaded, the malware connects to a command-and-control server.
The attack, IOActive explains, was possible due to a vulnerability in the ATM’s software update mechanism that could allow an attacker to supply their own malicious file and trigger legitimate processes for code execution.
The KrustyLoader malware, identified in the analysis, is designed to download and execute a Sliver backdoor written in GoLang, indicating APT-level sophistication in these attacks.
Security step-ups should only be used for higher-risk scenarios and should be implemented in a user-friendly manner to maintain a balance between security and user experience.
An ongoing cyberattack against Georgia’s Fulton County, which includes parts of Atlanta, has brought some of the government’s systems to a standstill, halting access to court filings, tax processing, and other services.
Pawn Storm, aka APT28 and Forest Blizzard, has been employing anonymization layers, such as VPN services and compromised EdgeOS routers, to hide its tracks and carry out sophisticated attacks.
The threat actor deploys the EMPTYSPACE downloader and the QUIETBOARD backdoor to execute commands, alter crypto wallet addresses, take screenshots, and propagate the malware.
Unit 42 researchers discovered a large-scale campaign dubbed ApateWeb, which uses over 130,000 domains to distribute scareware, potentially unwanted programs (PUPs), and other scam pages.
The leaked information included names, email addresses, trading activity, passwords, and other personal details. Additionally, the company's outreach team's internal comments were exposed.
XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.
TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.
TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.
TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.
TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized show more ...
Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).
Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to show more ...
Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.
Gentoo Linux Security Advisory 202401-32 - Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. Versions greater than or equal to 3.2.0 are affected.
Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.
Ubuntu Security Notice 6591-2 - USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability.
War-FTPD version 1.65 remote denial of service exploit.
Solar FTP Server version 2.1.1 remote denial of service exploit.
Gentoo Linux Security Advisory 202401-31 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions greater than or equal to 1.6.14 are affected.
Gentoo Linux Security Advisory 202401-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution. Versions greater than or equal to 21.1.11 are affected.
Ubuntu Security Notice 6609-2 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS show more ...
Ubuntu Security Notice 6617-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 show more ...
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. show more ...
Ubuntu Security Notice 6618-1 - It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Duarte Santos discovered that show more ...
Ubuntu Security Notice 6587-3 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. show more ...
Ubuntu Security Notice 6616-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6615-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.36 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The latest stable version is the 3.2 series supported until 23rd November 2025.
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and
The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them. The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container
A 33-year-old man has been sentenced to two years in prison after admitting his part in a series of ransomware and malware attacks that hit more than one thousand individuals, businesses, and organisations — including three police departments. Read more in my article on the Hot for Security blog.
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes
Source: thehackernews.com – Author: . Jan 30, 2024NewsroomCyber Crime / Malware A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and show more ...
Source: thehackernews.com – Author: . Jan 30, 2024NewsroomDevSecOps / Vulnerability GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as show more ...
Source: thehackernews.com – Author: . Jan 30, 2024NewsroomMalware / Cyber Espionage The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar’s Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. show more ...
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments tfb • January 30, 2024 5:05 PM I do wonder whether the remaining colossi were really still useful in the 1960s. I suppose they must have been but that’s well into the era of transistor computers. Clive Robinson • January 30, 2024 7:04 PM show more ...
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments whoops • January 30, 2024 7:58 AM The problem is partly the legality of the NSA buying this. The real problem is that these data can be bought. Or: if it is illegal for the NSA to buy these data, why should it be legal to (hoard […] La show more ...
Source: www.govinfosecurity.com – Author: 1 Fraud Management & Cybercrime , Ransomware Manufacturer Confirms Systems Down, Data on Energy Consumption, Emission Accessed Cal Harrison • January 30, 2024 A Schneider Electric facility in Houston, Texas (Image: Shutterstock) Schneider Electric built its show more ...
Source: www.govinfosecurity.com – Author: 1 Governance & Risk Management , Patch Management Approximately 45,000 Vulnerable Servers Worldwide Mihir Bagwe (MihirBagwe) , Prajeet Nair (@prajeetspeaks) • January 30, 2024 Hacker are searching for vulnerable Jenkins servers. (Image: Jenkins Project) show more ...
Source: www.govinfosecurity.com – Author: 1 Boyu Wang Principal Data Scientist, Snowflake Boyu Wang is a Principal Data Scientist at Snowflake where he designs, architects, as well as implements next generation machine learning systems for corporate I.T. automation, anomaly detection for security, user and show more ...
Source: www.govinfosecurity.com – Author: 1 Artificial Intelligence & Machine Learning , General Data Protection Regulation (GDPR) , Next-Generation Technologies & Secure Development City of Trento Must Pay Regulators 50,000 Euros Akshaya Asokan (asokan_akshaya) • January 30, 2024 The city of show more ...
Source: www.govinfosecurity.com – Author: 1 Cloud Security , Security Operations Rule Is a Bid to Deter Malicious Foreign Use of US IaaS Providers Chris Riotta (@chrisriotta) • January 30, 2024 The U.S. Department of Commerce is moving forward with regulations for a “know your customer” show more ...
Source: www.securityweek.com – Author: Associated Press Italian regulators told OpenAI that its ChatGPT artificial intelligence chatbot has violated GDPR. The post ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI appeared first on SecurityWeek. Original Post URL: https://www.securityweek. show more ...
Source: www.securityweek.com – Author: Kevin Townsend Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan. The post The Ransomware Threat in 2024 is Growing: Report appeared first on SecurityWeek. Original show more ...
Source: www.securityweek.com – Author: Ionut Arghire A massive database containing the information of 85% of the Indian population has emerged on the dark web. The post Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums appeared first on SecurityWeek. Original Post URL: https://www.securityweek. show more ...
Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading 2 Min Read Source: Peter Etchells via Alamy Stock Photo Attackers are using a pair of critical zero-day vulnerabilities in Ivanti VPNs to deploy a Rust-based set of backdoors, which in turn download a backdoor malware dubbed show more ...
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Nate Hovee via Shutterstock Schneider Electric has fallen victim to a cyberattack affecting its Sustainability Business division, and reports thus far have attributed it to a rising ransomware operation called “Cactus.” show more ...
Source: www.darkreading.com – Author: Dark Reading Staff Source: GK Images via Alamy Stock Photo In an effort to comply with the European Union’s Digital Markets Act (DMA), Apple is making changes to iOS, Safari, and the App Store that would open up its walled garden to support third-party app stores (and show more ...
Source: www.darkreading.com – Author: PRESS RELEASE HERNDON, Va.–(BUSINESS WIRE)– Forcepoint Federal announced today that it has rebranded as Everfox to reflect its next chapter as a trailblazer in developing and delivering defense-grade cybersecurity technology. Under the new name and brand show more ...
Source: www.darkreading.com – Author: PRESS RELEASE SAN JOSE, Calif. – January 30, 2024 – Research commissioned by Cohesity, a leader in AI-powered data security and management, reveals today’s pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their ‘do not pay’ show more ...
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer 3 Min Read Source: Weitwinkel via Shutterstock The US government, in collaboration with private sector stakeholders, has been quietly working to disrupt the attack infrastructure of “Volt Typhoon,” a dangerous China-linked threat show more ...
Source: securelist.com – Author: Evgeny Goncharov Kaspersky Security Bulletin We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, show more ...
Source: thehackernews.com – Author: . Jan 31, 2024NewsroomCryptocurrency / Cybersecurity A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple show more ...
Source: thehackernews.com – Author: . The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps show more ...
Source: thehackernews.com – Author: . Jan 31, 2024NewsroomCyber Attack / Network Security A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that’s used to drop the show more ...
