A GitHub project that disables Windows Defender and firewall is generating buzz among cybersecurity researchers. Will Dormann, a senior vulnerability analyst at CERT, posted about the GitHub project on a Mastodon cybersecurity instance. “Somebody figured out the secret technique that 3rd-party AV uses to disable show more ...
Strauss Borrelli PLLC, a leading law firm known for handling data breach litigation, has launched an investigation into the recent WD & Associates data breach. WDA, based in Rhode Island, is an employee benefits brokerage firm specializing in healthcare consulting. The company assists clients in making show more ...
TRC Staffing is at the center of a concerning data breach, leaving personal information vulnerable to cybercriminals. Murphy Law Firm has taken action on behalf of the victims, investigating legal avenues for those affected by this security incident. The TRC Staffing data breach was discovered on April 12, 2024, and show more ...
Microsoft has uncovered a new “FakePenny” ransomware variant being deployed by a North Korean threat actor to target organizations in the software, information technology, education and defense industrial base sectors for both espionage and monetary gains. The threat actor, which Microsoft tracks as Moonstone show more ...
The notorious hacker group 888 has claimed responsibility for a Shell data breach targeting the British multinational oil and gas company. According to their claims, approximately 80,000 individuals could be affected by this breach across several countries, including the United States, United Kingdom, Australia, show more ...
The RansomHub group has claimed a cyberattack on PSG BANATSKI DVOR D.O.O., a gas storage services provider based in Serbia. The claims for this RansomHub cyberattack were posted on May 28, 2024, and revealed sensitive data about the organization, targeting the security of critical infrastructure and the integrity of show more ...
Fans of Bring Me The Horizon have been fervently searching for secrets and clues hidden within an 'M8 Artificial Reality game' subtly teased in a recent music video by the band. Near the video's conclusion, a character emerges, briefly greets viewers, and then abruptly instructs them to search for a show more ...
Within a mere two-day period, two major companies have allegedly fallen victim to cyberattacks. The first incident came to light on May 27, 2024, when an individual known by the alias "SpidermanData" claimed to have infiltrated Ticketmaster Entertainment, LLC, potentially exposing sensitive data of show more ...
For over two decades, Google search rankings have functioned as the internet's invisible puppeteer, dictating which websites rise to the top of search results and influencing the online landscape in profound ways. SEO professionals have tirelessly analyzed Google's every move, piecing together cryptic clues to show more ...
The First American Financial Corporation, one of the largest title insurance companies in the United States, revealed that a cyberattack in December 2023 exposed the personal information of around 44,000 people. The First American data breach disclosure was made in a filing with the U.S. Securities and Exchange show more ...
A cybersecurity threat has surfaced targeting DU Emirates Integrated Telecommunications Corporation, a major telecom provider in the UAE. On the XSS Forum, a cybercriminal known as "Ddarknotevil" has claimed to have stolen over 360 GB of data from DU. The alleged DU Emirates data breach reportedly includes show more ...
Bharat Sanchar Nigam Limited (BSNL), a prominent Indian telecommunications company, has once again found itself at the center of a massive data security breach. The BSNL data breach, orchestrated by a threat actor known as kiberphant0m, shares sensitive data about the organization, highlighting the vulnerability of show more ...
Following the seizure of the BreachForums domain and the arrest of Baphomet, its new owner ShinyHunters seems to have fully regained control over the site after a recent announcement that the forum will be open for account registration. While the domain itself appeared to have been seized back from law enforcement, show more ...
The FBI, in collaboration with international partners, has successfully dismantled the 911 S5 botnet's massive network that infected over 19 million IP addresses across 200 countries and facilitated several cybercriminal activities, including cyberattacks, financial frauds, identity theft, and child exploitation. show more ...
The U.S. Treasury Department sanctioned three Chinese nationals on Tuesday for their alleged involvement in operating the 911 S5 proxy botnet widely used for fraudulent activities, including credit card theft and Coronavirus Aid, Relief, and Economic Security program frauds. The sanctions are aimed at curbing the show more ...
The number of software vulnerabilities discovered annually continues to grow, with total vulnerabilities discovered in a year fast approaching the 30,000 mark. But its important for cybersecurity teams to identify precisely which vulnerabilities attackers are actually exploiting. Changes in the list of criminals show more ...
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and show more ...
Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.
Researchers went in-depth on an attack by the threat group, which mainly targets US companies in the education and industrial goods sectors, specifically to maximize financial gain.
The political consultant who wrote the script and paid for the deepfake audio used in robocalls was fined $6 million by the FCC.
It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait.
Targeting India's government, defense, and aerospace sectors, the cyber-threat group now attacks Linux as well as Windows in its quest to compromise the Indian military's homegrown MayaOS Linux systems.
North Korea's newest threat actor uses every trick in the nation-state APT playbook, and most of cybercrime's tricks, too. It also developed a whole video game company to hide malware.
It's time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions.
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.
Ubuntu Security Notice 6797-1 - It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This show more ...
Ubuntu Security Notice 6787-1 - It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting attack.
Ubuntu Security Notice 6779-2 - USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these show more ...
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on show more ...
Ubuntu Security Notice 6795-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the show more ...
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
Ubuntu Security Notice 6794-1 - It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to cause FRR to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6792-1 - Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary URLs.
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "Aurora".
Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3462-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-3461-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-3460-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-3433-03 - An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-3431-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3428-03 - An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-3427-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-3426-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3422-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Security Advisory 2024-3421-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-3418-03 - An update for rust is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Security Advisory 2024-3417-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3414-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters,
The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023. According to court documents, Mullings is said to have opened 20 bank accounts in the
A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks. Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and
Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the package author, who goes by the name PhilipsPY, has uploaded a new version of the
Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on
Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and] leverages Azure cloud as command-and-control (C2) infrastructure," French cybersecurity company HarfangLab
The world-renowned auction house Christie's has confirmed that it has fallen victim to a ransomware attack, seemingly orchestrated by a Russia-linked cybercriminal gang. Read more in my article on the Hot for Security blog.
What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.
