Microsoft researchers have observed multiple ransomware operators exploiting a recently patched vulnerability in ESXi hypervisors to gain full administrative control over domain-joined ESXi servers. This flaw, tracked as CVE-2024-37085, grants these threat actors the ability to encrypt file systems and disrupt show more ...
The U.S. Department of Justice has asked an appeals court to reject legal challenges to a law requiring ByteDance, TikTok's Chinese parent company, to divest its U.S. assets by January 19 or face a ban. The move by the Department of Justice is the latest development in the ongoing battle over the controversial show more ...
Threat intelligence visibility for CEOs is a top priority and not just a need, why? In today’s complex threat landscape, chief executive officers increasingly recognize the pivotal role of threat intelligence in safeguarding their organizations. However, effectively integrating threat intelligence into the broader show more ...
A U.S. appeals court has nullified a $78 million legal fee award for plaintiffs’ lawyers who negotiated a $350 million settlement with T-Mobile stemming from a 2021 data breach. T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a show more ...
As we reflect on the Singapore cyber landscape of 2023, it's evident that the year presented both heightened challenges and notable advancements in cybersecurity. Global trends significantly influenced local practices and vulnerabilities, highlighting our increasingly interconnected world and its susceptibility to show more ...
The threat actor group UNC4393, known for deploying BASTA ransomware, has undergone continuous changes in its tactics since mid-2022. Researchers have tracked over 40 UNC4393 intrusions across 20 industries and about 500 victims on its data leak site to study the group's operations and changes. While the group show more ...
The Android spyware known as Mandrake has made a significant resurgence with a new variant. This Mandrake spyware has been discovered hidden in five seemingly innocuous applications on Google Play. These apps, which were downloaded a combined total of over 32,000 times, remained undetected by most security vendors for show more ...
IBM’s annual Cost of a Data Breach Report released today found that the global average cost of a data breach grew by 10% to $4.88 million in 2024, as breaches have become more disruptive and often overwhelmed security teams. One bright note: The IBM-Ponemon report – now in its 19th year – found that show more ...
Meta Platforms Inc. has reached a record $1.4 billion settlement with the state of Texas to resolve a privacy lawsuit that alleged the tech giant misused facial biometric data without user consent. The Meta facial recognition lawsuit settlement, the largest secured by a single state, comes after years of scrutiny over show more ...
A new vulnerability has been discovered within Proofpoint's email security systems, leading to a phishing campaign that has affected millions. This exploit, dubbed "EchoSpoofing," demonstrated how even the most trusted email security providers could be exploited to execute large-scale phishing attacks. show more ...
In a move that could cause some serious headaches for website administrators, DigiCert, a major digital certificate provider, is revoking thousands of SSL certificates due to a technical error in the company's domain validation process. DigiCert made the decision after discovering a critical issue in its Domain show more ...
Cyberattacks in India have reached alarming levels, with a staggering 593 incidents reported in the first half of 2024. The education, government, and technology sectors emerged as the most vulnerable targets, according to a recent report. This surge in cyberattacks underscores the critical need for robust show more ...
In an era of increasing cyber threats and financial volatility, threat intelligence solutions can help chief financial officers (CFOs) bolster financial stability in their organizations by staying ahead of scams, fraud, impersonation and other financial risks. By harnessing the advanced data analysis and risk show more ...
We spent several months researching a new and very smart crypto scam, where the victims were slowly, craftily encouraged to install a malicious crypto management app. However, the ones who got scammed were only nominally victims, because the operators, like some digital Robin Hoods, targeted… other pilferers. Take show more ...
_SOPA_Images_Limited_Alamy.jpg)
The incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future.
_AlexPhotoStock_alamy.jpg)
According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day.
Data thieves heisted the HSA provider's data repository for 4.5 million people's HR information, including employer and dependents intel.
With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.
Clutch Security is the latest cybersecurity startup looking to secure and manage non-human identity.
The phishing campaigns involve sending fake emails that appear to be from Microsoft, leading recipients to malicious Microsoft Forms impersonating Microsoft 365 or Adobe login pages.
A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user's AppData. This initiated the installation of a Latrodectus backdoor.
The flaw, identified as CVE-2024-41637, affects RaspAP versions before 3.1.5 and has a severity score of 9.9. The vulnerability stems from improper access controls, enabling attackers to escalate privileges from www-data to root.
Ransomware operators like Black Basta and Akira have already used this vulnerability in attacks, with Storm-0506 deploying Black Basta ransomware on the ESXi hypervisors of a North American engineering firm.
Critical vulnerabilities within Hotjar and Business Insider have been uncovered by security researchers, posing risks for enterprises. These vulnerabilities highlight a broader issue with XSS flaws reintroduced by new technologies, increasing risks.
The issue, which began in late June, affected a few thousand Workspace accounts that were created without domain verification. Google has since fixed the problem and added more security measures to prevent similar bypasses in the future.
A bug hunter discovered a bypass in Meta's Prompt-Guard-86M model by inserting character-wise spaces between English alphabet characters, rendering the classifier ineffective in detecting harmful content.
The U.S. State Department emphasized the importance of including human rights protections in the upcoming United Nations cybercrime treaty. The final round of negotiations for the treaty, which began on Monday and will conclude on August 9, 2024.
The recent attacks by the SideWinder APT group use phishing lures related to emotional topics like sexual harassment and salary cuts to trick victims into opening booby-trapped Microsoft Word documents.
Change Healthcare has started the process of notifying millions of Americans affected by a massive cyberattack and data theft that occurred more than five months ago. The company is sending individual breach notification letters on a rolling basis.
The newly discovered backdoor has limited samples available on VirusTotal, making detection more difficult. It operates by collecting system information and sending it to a command and control server, awaiting further instructions.
This investment will allow Cowbell to expand its operations, enter key global markets, enhance cyber resilience services, introduce innovative products, and strengthen partnerships.
The European Central Bank has completed a cyber stress test for the banking sector, finding that while banks have strong response frameworks, there is still room for improvement in recovery capabilities.
The attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake DNS issue.
The campaign began in January 2024 and peaked at 14 million emails in June. The emails were designed to steal sensitive information and included authentic-looking signatures to bypass security measures.
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can show more ...
Ubuntu Security Notice 6924-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6927-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software show more ...
Ubuntu Security Notice 6923-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor show more ...
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., show more ...
An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The show more ...
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other show more ...
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically.
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up show more ...
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests do not require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user.
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers.
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials.
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the show more ...
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host. "A
The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis. The cybersecurity
A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up. A majority of the downloads originated
As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration. However, like any new technology, RMM tools can also be used maliciously. Threat actors can establish connections to a victim's device and run commands, exfiltrate data, and stay
Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. The deep and dark web, otherwise known as the cybercriminal underground, is where malicious actors gather to
In episode nine of "The AI Fix", our hosts learn about the world's most dangerous vending machine, a cartoonist who hypnotises himself with AI, and OpenAI's plans to eat Google's lunch. Graham tells Mark about a pig-farming professor, and Mark tests Graham's tolerance with OpenAI's show more ...
On Friday posts were published on the internet containing what appeared to be the personal information of Israeli Olympic athletes. Read more in my article on the Hot for Security blog.
ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families
Source: www.databreachtoday.com – Author: 1 Cybercrime , Fraud Management & Cybercrime Threat Actors Profit from GitHub’s Inauthentic Accounts Network Prajeet Nair (@prajeetspeaks) • July 29, 2024 A threat actor dubbed “Stargazer Goblin” uses a network of GitHub repositories to show more ...
Source: www.databreachtoday.com – Author: 1 Application Security , Next-Generation Technologies & Secure Development , Secure Software Development Lifecycle (SSDLC) Management Peter McKay on Improving Developer Practices, Integrating Security and Cutting Risk Michael Novinson (MichaelNovinson) • July 29, show more ...
Source: www.databreachtoday.com – Author: 1 Cybercrime , Fraud Management & Cybercrime Leading Cybersecurity, Technology Companies ‘Gravely Concerned’ Over Cyber Treaty Chris Riotta (@chrisriotta) • July 29, 2024 Talks at the United Nations for an international cybercrime treaty resumed show more ...
Source: www.databreachtoday.com – Author: 1 Breach Notification , Fraud Management & Cybercrime , Healthcare IT Services Vendor Is Sending Individual Letters to Victims on a Rolling Basis Marianne Kolbasuk McGee (HealthInfoSec) • July 29, 2024 Image: Change Healthcare Millions of Americans will show more ...
Source: www.databreachtoday.com – Author: 1 Tim Grieveson Senior Vice President – Global Cyber Security Risk Advisor, Bitsight Tim Grieveson is Senior Vice President – Global Cyber Security Risk Advisor at Bitsight, helping organizations transform how they measure and manage their cybersecurity show more ...
