On January 30, security researchers published information about a vulnerability they discovered in glibc (the GNU C Library), which could potentially allow attackers to elevate their privileges on Linux systems to root level. The library provides system calls and basic system functions – including syslog and vsyslog, which are used to write messages to the system message log. The vulnerability has received the identifier CVE-2023-6246, and a score of 8.4 on the CVSS v3.1 scale. Despite the fact that the level of this threat is not critical – it's just high – there's a high probability of its exploitation in large-scale attacks since glibc is the main system library that's used by almost all Linux programs.
Which systems are affected by CVE-2023-6246?
The Qualys researchers who discovered the vulnerability tested a number of popular Linux-based system installations, and identified several vulnerable systems: Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora Linux versions 37 through 39. However, experts add that other distributions are probably also affected by this vulnerability. CVE-2023-6246 is present in the library version 2.36 and older. The glibc developers fixed the vulnerability in version 2.39 on January 31 – a day after information about it was published.
What is the CVE-2023-6246 vulnerability and where did it come from?
The vulnerability CVE-2023-6246 is related to a dynamic memory buffer overflow and belongs to the LPE (Local Privilege Escalation) class. In simple terms, an attacker who already has user access to a system can use vulnerable function calls to escalate their privileges to the super-user level. This vulnerability was first added to the library in version 2.37, in August 2022, in an attempt to close the less dangerous vulnerability CVE-2022-39046. Subsequently, the library developers made the same change in version 2.36.
How to stay safe?
First you need to update the glibc library to version 2.39. Since attackers must already have access to the system to exploit this vulnerability (and all LPE vulnerabilities in general), CVE-2023-6246 will most likely be exploited in complex multi-stage attacks. Therefore, we recommend using solutions that can protect Linux as well. For example, our Kaspersky Endpoint Security solution includes the Kaspersky Endpoint Security for Linux application, which combats modern threats to Linux-based systems.
Episode 332 of the Kaspersky Transatlantic Cable podcast kicks off with news that, after the recent AI-generated sketch, George Carlin's estate has decided to pursue legal matters against the creators. From there, discussion turns to Mozilla's worry about Apple's new browser rules, and British lawmakers question the legality of live facial recognition. To wrap up, the team discuss news around the recent 23andMe data breach. If you like what you heard, please consider subscribing.
George Carlin's Family Takes This AI Bullsh*t to Court
Mozilla says Apple's new browser rules are as painful as possible for Firefox
British lawmakers question legality of live facial recognition technology
23andMe data breach: Hackers stole raw genotype data, health reports
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.
A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022. Image: Elliptic.co.
An indictment unsealed this week and first reported on by Ars Technica alleges that Chicago man Robert Powell, a.k.a. “R,” “R$” and “ElSwapo1,” was the ringleader of a SIM-swapping group called the “Powell SIM Swapping Crew.” Colorado resident Emily “Em” Hernandez allegedly helped the group gain access to victim devices in service of SIM-swapping attacks between March 2021 and April 2023. Indiana resident Carter Rohn, a.k.a. “Carti,” and “Punslayer,” allegedly assisted in compromising devices.
In a SIM-swapping attack, the crooks transfer the target’s phone number to a device they control, allowing them to intercept any text messages or phone calls sent to the victim, including one-time passcodes for authentication or password reset links sent via SMS.
The indictment states that the perpetrators in this heist stole the $400 million in cryptocurrencies on Nov. 11, 2022 after they SIM-swapped an AT&T customer by impersonating them at a retail store using a fake ID. However, the document refers to the victim in this case only by the name “Victim 1.”
Wired’s Andy Greenberg recently wrote about FTX’s all-night race to stop a $1 billion crypto heist that occurred on the evening of November 11:
“FTX’s staff had already endured one of the worst days in the company’s short life. What had recently been one of the world’s top cryptocurrency exchanges, valued at $32 billion only 10 months earlier, had just declared bankruptcy. Executives had, after an extended struggle, persuaded the company’s CEO, Sam Bankman-Fried, to hand over the reins to John Ray III, a new chief executive now tasked with shepherding the company through a nightmarish thicket of debts, many of which it seemed to have no means to pay.”
“FTX had, it seemed, hit rock bottom. Until someone—a thief or thieves who have yet to be identified—chose that particular moment to make things far worse. That Friday evening, exhausted FTX staffers began to see mysterious outflows of the company’s cryptocurrency, publicly captured on the Etherscan website that tracks the Ethereum blockchain, representing hundreds of millions of dollars worth of crypto being stolen in real time.”
The indictment says the $400 million was stolen over several hours between November 11 and 12, 2022. Tom Robinson, co-founder of the blockchain intelligence firm Elliptic, said the attackers in the FTX heist began to drain FTX wallets on the evening of Nov. 11, 2022 local time, and continued until the 12th of November.
Robinson said Elliptic is not aware of any other crypto heists of that magnitude occurring on that date.
“We put the value of the cryptoassets stolen at $477 million,” Robinson said. “The FTX administrators have reported overall losses due to “unauthorized third-party transfers” of $413 million – the discrepancy is likely due to subsequent seizure and return of some of the stolen assets. Either way, it’s certainly over $400 million, and we are not aware of any other thefts from crypto exchanges on this scale, on this date.”
The SIM-swappers allegedly responsible for the $400 million crypto theft are all U.S. residents. But there are some indications they had help from organized cybercriminals based in Russia. In October 2023, Elliptic released a report that found the money stolen from FTX had been laundered through exchanges with ties to criminal groups based in Russia.
“A Russia-linked actor seems a stronger possibility,” Elliptic wrote. “Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges. This points to the involvement of a broker or other intermediary with a nexus in Russia.”
Nick Bax, director of analytics at the cryptocurrency wallet recovery firm Unciphered, said the flow of stolen FTX funds looks more like what his team has seen from groups based in Eastern Europe and Russia than anything they’ve witnessed from US-based SIM-swappers.
“I was a bit surprised by this development but it seems to be consistent with reports from CISA [the Cybersecurity and Infrastructure Security Agency] and others that “Scattered Spider” has worked with [ransomware] groups like ALPHV/BlackCat,” Bax said.
CISA’s alert on Scattered Spider says they are a cybercriminal group that targets large companies and their contracted information technology (IT) help desks.
“Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual TTPs,” CISA said, referring to the group’s signature “Tactics, Techniques and Procedures.”
Nick Bax, posting on Twitter/X in Nov 2022 about his research on the $400 million FTX heist.
Earlier this week, KrebsOnSecurity published a story noting that a Florida man recently charged with being part of a SIM-swapping conspiracy is thought to be a key member of Scattered Spider, a hacking group also known as 0ktapus. That group has been blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
Financial claims involving FTX’s bankruptcy proceedings are being handled by the financial and risk consulting giant Kroll. In August 2023, Kroll suffered its own breach after a Kroll employee was SIM-swapped. According to Kroll, the thieves stole user information for multiple cryptocurrency platforms that rely on Kroll services to handle bankruptcy proceedings.
KrebsOnSecurity sought comment for this story from Kroll, the FBI, the prosecuting attorneys, and Sullivan & Cromwell, the law firm handling the FTX bankruptcy. This story will be updated in the event any of them respond.
Attorneys for Mr. Powell said they do not know who Victim 1 is in the indictment, as the government hasn’t shared that information yet. Powell’s next court date is a detention hearing on Feb. 2, 2024.
The China-backed APT was using the botnet, made up of mostly end-of-life, patchless routers from Cisco and Netgear, to set up shop inside US critical infrastructure.
Cybersecurity Maturity Model Certification (CMMC) and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies.
It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.
Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.
US federal agencies have to disconnect, rebuild, and reconfigure all Ivanti Connect Secure and Policy Secure VPN appliances. This Tech Tip lists all the steps that need to happen.
TA576, a cybercriminal threat actor, has returned with tax-themed lures targeting accounting and finance organizations during the U.S. tax season, using unique attack chains and delivering Parallax RAT.
FortiGuard Labs exposed a fresh attack vector involving the FAUST ransomware, a Phobos variant. The attackers employed a Visual Basic script in an Office document to propagate FAUST. They utilized the Gitea service to store encoded files. The ransomware employs advanced evasion tactics, adds persistence, and carries an exclusion list.
Vulnerabilities in container engine components, dubbed "Leaky Vessels," pose a serious threat by allowing attackers to break out of containers and execute malicious actions on the underlying host system.
The expanding supply chain vulnerabilities and digital transformation are increasing the risk of data breaches in 2024. Threat actors may target rare earth material supply chains and leverage small-scale data manipulation for major impact.
The flaw allows attackers with arbitrary read and write capability to bypass Pointer Authentication, and it's recommended that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by February 21, 2024.
The lawsuit from the New York Attorney General claims that the bank lacks sufficient security measures to prevent unauthorized transfers and fails to respond effectively when red flags are raised.
The threat actors behind the Nitrogen campaign prefer hosting their payloads on compromised WordPress sites and have a known connection to ransomware, making it a serious threat to businesses.
The Grandoreiro malware can track keyboard inputs, simulate mouse activity, and initiate communication with criminals’ servers, making it a potent threat to banking activities.
The Network Contagion Research Institute (NCRI) has found that teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, known as 'Yahoo Boys.'
According to a survey by Snyk, over three-quarters of developers are bypassing established protocols to use AI-powered code completion tools, raising concerns about security implications.
The proposed regulation would impose compliance costs on IaaS providers, including data retention and record-keeping requirements, potentially costing up to $170 million annually for affected companies.
The leak included passports, player contracts, and personal data, potentially affecting every Australian football fan. Cybersecurity experts believe the breach was likely due to human error, and the FA is investigating the matter.
The U.S. government has observed a decrease in scam-oriented international robocalls reaching Americans, indicating improved efforts by telecom gateway providers to block fraudulent voice-call spamming.
Chris Larsen's personal XRP accounts were compromised, but Ripple was not impacted. The fraudulent activity was quickly detected, and the affected address was frozen with the help of other exchanges.
While the financial impact on Progress Software from the MOVEit zero-day vulnerability has been minimal so far, the firm is still dealing with 118 class-action lawsuits and formal government investigations, including subpoenas from the SEC and FTC.
Ivanti has discovered two new vulnerabilities in its Policy Secure and Connect Secure VPN products, impacting U.S. government and other industries. One is an unauthorized access issue, while the other allows privilege escalation.
According to Corvus, the number of active ransomware groups grew by 34% between Q1 and Q4 2023, linked to the fracturing of well-known ransomware groups that leaked their proprietary encryptors.
The Department of Defense is investigating claims by the ransomware group ALPHV that they have stolen sensitive data related to the U.S. military, including information from the Defense Counterintelligence and Security Agency.
The Italian data protection authority has notified OpenAI, the maker of ChatGPT, of potential violations of the EU's GDPR privacy laws. The issues include collecting personal data, age protections, and potential exposure of sensitive information.
The ransomware, named "grinchv3," copies itself to the startup folder for persistence, encrypts user data using the Fernet symmetric key encryption algorithm, and adds a pop-up message after encryption.
The company's ongoing investigation and remediation efforts are focused on containing the unauthorized activity and assessing the impact on data, with no observed evidence of impact on its digital products and solutions.
The new version, HeadCrab 2.0, employs advanced evasion techniques and uses the Redis MGET command for command-and-control communications, making it more difficult to detect.
Faction is an open-source solution designed to streamline penetration testing report generation and assessment collaboration, aiming to save time, reduce stress, and improve information security workflows.
Security researchers suggest that the fake data may not have been generated using artificial intelligence, as claimed, but rather through existing projects that can create realistic-looking data.
Incognia, a San Jose-based company specializing in location identity solutions, has raised $31M in Series B funding led by Bessemer Venture Partners, with participation from FJ Labs and existing investors.
The vulnerability can be leveraged by an attacker with local network access, and until Microsoft issues a patch, users can implement micropatches provided by Acros to mitigate the risk.
Tel Aviv-based Aim Security has raised $10 million in seed funding for its new GenAI security platform, led by YL Ventures and including participation from Cyber Club London and angel investors.
A local privilege elevation flaw (CVE-2023-45779) affecting several Android OEMs was discovered and addressed in the December 2023 security update, highlighting weaknesses in APEX module signing using test keys.
The defendants used credential stuffing techniques to compromise accounts, sell access to them, and devised a method for buyers to withdraw funds, resulting in millions of dollars in illicit gains.
The Foreign Ministry of Canada has been hit by a cyberattack, leading to the closure of remote access to its network. Hackers gained access to personal data, and experts suspect a foreign country, possibly Russia or China, to be behind the attack.
Hackers breached the Romanian Chamber of Deputies' database and obtained confidential information, including the prime minister's identity documents and medical analyses. They threatened to release the data unless they received a ransom of $34,000.
The Institute of Chartered Accountants in England and Wales (ICAEW) and the National Cyber Security Centre (NCSC) are leading a task force with other organizations to improve the security of corporate finance deals.
The acquisition will enable organizations to benefit from Laiyer AI's LLM Guard software, which detects, redacts, and sanitizes inputs and outputs from LLMs with lower latency, while also supporting open source contributions.
The new system introduces changes such as splitting attack complexity into two parameters and categorizing user interaction into three levels, offering a more nuanced and comprehensive assessment of vulnerabilities.
Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.
Ubuntu Security Notice 6619-1 - Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions.
Ubuntu Security Notice 6587-4 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.
Red Hat Security Advisory 2024-0629-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-0626-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-0619-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2024-0618-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2024-0617-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-0489-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0485-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE. "CHAINLINE is a Python web shell backdoor that is
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security
The iPhone security setting that you should enable right now, the worrying way that AI is predicting what criminals look like, and we play a game of face fake or real... All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Cyber criminals are weaponizing advanced tactics, including intricate social engineering campaigns, to carry out malicious activities. Last year, social engineering attempts rose by 464%. Often a result of social engineering attempts, ransomware attacks have reportedly increased by 90%. Amidst this unsettling attack landscape, it can be difficult and […] The post The all-star AI-powered, cloud-delivered security platform you need – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will […] The post News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido There’s no denying that castle walls play a prominent role in the histories of both military defense, going back thousands of years, and — as of the start of the current millennium — in cybersecurity. Related: How Putin has weaponized ransomware In his new Polity Press […] The post Author Q&A: The ongoing role of fortified structures in military clashes — and cybersecurity – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Pawn Storm, an advanced persistent threat (APT) actor also known as APT28, has been targeting high-value entities globally, employing a range of techniques since at least 2004. Despite relying on seemingly outdated methods like decade-old phishing campaigns, the group continues to compromise thousands of email accounts. According to an advisory […] The post Pawn Storm’s Stealthy Net-NTLMv2 Assault Revealed – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The EU has adopted its first Cybersecurity Certification scheme as part of efforts to boost cybersecurity of IT products and services across member states. The European Cybersecurity Scheme on Common Criteria (EUCC) was drafted by the European Union Agency for Cybersecurity (ENISA) in coordination with member states. The voluntary scheme, […] The post EU Launches First Cybersecurity Certification for Digital Products – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 A new bipartisan bill proposed by two US Senators looks to bolster the cybersecurity of the food and agriculture sector. If successful, the bill will lead to the Farm and Food Cybersecurity Act. The bill aims to identify cybersecurity vulnerabilities in the agriculture sector, boost the cyber defenses of private […] The post US Senators Propose Cybersecurity Agriculture Bill – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 A substantial 91% of runtime scans are failing within organizations, signaling a significant reliance on identifying issues rather than preventing them, according to Sysdig’s latest report. The new research also revealed that 69% of enterprises have yet to integrate artificial intelligence (AI) into their cloud environments. Even among the companies […] The post Sysdig Report Exposes 91% Failure in Runtime Scans – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The US government has announced sanctions against two Egyptian IT experts for providing cybersecurity support and training to the terrorist organization ISIS. The Egyptian nationals also enabled ISIS to use cryptocurrency and assisted the group’s online recruitment and propaganda efforts. One of the individuals identified by the US Department of […] The post US Sanctions Egyptian IT Experts Aiding ISIS in Cybersecurity – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 New York’s attorney general, Letitia James, yesterday launched legal action against one of America’s biggest banks for allegedly failing to adequately protect and reimburse customers who fell victim to online fraud. She argued that Citibank should pay back the “millions” that New Yorkers are alleged to have lost, with interest, as well […] The post Citibank Sued For Failing to Protect Fraud Victims – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Two of the UK’s leading accounting and security bodies are teaming up with others to launch a new taskforce today designed to help organizations improve the security of their corporate finance deals. The initiative is led by the Institute of Chartered Accountants in England and Wales (ICAEW) in collaboration with […] The post City Cyber Taskforce Launches to Secure Corporate Finance – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data […] The post CFPB’s Proposed Data Rules – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE TEL AVIV, Israel–(BUSINESS WIRE)–Aim Security, an Israeli cybersecurity startup offering enterprises a holistic, one-stop shop GenAI security platform, today announced $10 million in seed funding. The round was led by YL Ventures, with participation from CCL (Cyber Club London), the founders of WIZ and angel investors from Google, Proofpoint […] The post Aim Security Raises $10M to Secure Generative AI Enterprise Adoption – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE Woburn, MA – January 31, 2024 — Kaspersky today releases its Industrial Control Systems Cyber Emergency Response Team (ICS CERT) predictions for 2024, outlining the key cybersecurity challenges facing industrial enterprises in the year ahead. The predictions highlight the persistence of ransomware threats, the rise of cosmopolitical hacktivism, an outlook […] The post Kaspersky's ICS CERT Predictions for 2024: Ransomware Rampage, Cosmopolitical Hacktivism, and Beyond – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE San Jose, CA – Jan 31, 2024, at 10:00 am ET – Today, Incognia, the innovator in location identity solutions, is announcing it has closed $31MM in Series B funding led by Bessemer Venture Partners, with participation from FJ Labs and existing investors, including Point72, Prosus, and Valor Capital. The financing will […] The post Incognia Secures $31M to Meet Demand for Proactive Approach to Fraud Prevention – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading Source: Mykola Lytvynenko via Alamy Stock Photo The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say — and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that cybercriminals aren’t […] The post Ransomware Groups Gain Clout With False Attack Claims – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. As Fulton County in Georgia continues to experience a cyberattack and a power outage, government systems are offline, and it’s unknown when they’ll become operational again. Court filings, tax processing, and other […]
The post Fulton County Suffers Power Outages as Cyberattack Continues – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. Researchers have uncovered a set of four vulnerabilities in container engine components that they dubbed “Leaky Vessels,” three of which give attackers a way to break out of containers and execute malicious actions on the underlying host system. One of […]
The post ‘Leaky Vessels’ Cloud Bugs Allow Container Escapes Globally – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems — an attack that government officials warned at the time could threaten physical security. According to […]
The post Johnson Controls Ransomware Cleanup Costs Top $27M and Counting – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances. However, it also announced two additional bugs today in the platform, CVE-2024-21888 and CVE-2024-21893 — the latter […]
The post More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Alicia Buller, Contributing Writer. Hundreds of network operator credentials stolen via compromised RIPE accounts were recently discovered on the Dark Web. RIPE, the database for IP addresses and their owners for every country in the Middle East as well as some in Europe and […]
The post Looted RIPE Credentials for Sale on the Dark Web – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Cristian Neagu. The Importance of Choosing the Right Privilege Identity Management Solution. The essence of effective Privileged Identity Management (PIM) lies not in identity or management but in privilege. A robust PIM system focuses on identifying those who should, and equally importantly, those who should not, have administrative access to important […]
The post 10 Best Privileged Identity Management Tools (2024) – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Livia Gyongyoși. Cactus Ransomware claims responsibility for the January 17th Schneider Electric data breach. Schneider Electric confirms hackers got access to their Resource Advisor cloud platform. The French-based energy giant says the attack only hit their Sustainability Business division. The platform holds data belonging to more than 2000 companies worldwide. For […]
The post Cactus Ransomware behind Schneider Electric Data Breach – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Feb 01, 2024, Newsroom, Cryptocurrency / Botnet. Cybersecurity researchers have detailed an updated version of the malware HeadCrab that’s known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that […]
The post HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, […]
The post Why the Right Metrics Matter When it Comes to Vulnerability Management – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Feb 01, 2024, Newsroom, Network Security / Malware. Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and […]
The post Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Feb 01, 2024, Newsroom, Vulnerability / Software Update. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a […]
The post CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.