The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw affecting Oracle Fusion Middleware systems to its Known Exploited Vulnerabilities (KEV) Catalog on Monday. The bug, which CISA confirmed has been exploited in the wild, allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager. Successful attacks targeting this vulnerability
Month: November 2022
by Paul Ducklin Researchers at secure coding company Checkmarx have warned of porn-themed malware that’s been attracting and attacking sleazy internet users in droves. Unfortunately, the side-effects of this malware, dubbed Unfilter or Space Unfilter, apparently involve plundering data from the victim’s computer, including Discord passwords, thus indirectly exposing the victim’s contacts – such as
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm’s fingerprints all over it The ESET research team has spotted a new wave of ransomware attacks taking aim at multiple organizations in Ukraine and bearing the hallmarks of other campaigns previously unleashed by the Sandworm APT group. Even though the
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up. Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your
A phishing campaign discovered in July that saw threat actors impersonating the Ministry of Human Resources of the UAE government may be more significant in scale than previously believed. The findings come from security researchers at CloudSEK, who published a new advisory about the threat earlier today. The technical write-up says the company has discovered an
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn’t have permission to perform an action can coerce a more-privileged entity to
A series of exploits have been found in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions. According to a new advisory recently shared by security company Cyfirma with Infosecurity, the discovered vulnerabilities could have been exploited to target almost 1000 systems. The attacks observed by the company would be part of a campaign
by Paul Ducklin Google has just patched Chrome’s eigth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and
The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting
Google released new software patches on Thursday to address a new zero-day vulnerability in its Chrome web browser. Writing in a security bulletin, the tech giant described the high-severity vulnerability (tracked CVE-2022-4135) as a heap buffer overflow in the graphics processing unit (GPU) component. Google attributed the discovery of the vulnerability to Clement Lecigne from its
‘Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals The day has come: it’s Black Friday, and once-in-a-year promotions, discounts and deals are everywhere. The rush to grab a bargain has started in earnest, and in times of soaring
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The
Authored by Dennis Pang What is antivirus? That’s a good question. What does it really protect? That’s an even better question. Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections.
Remote monitoring and management (RMM) platform ConnectWise has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs wrote about the flaw earlier this week, saying threat actors could exploit it to take complete control of the ConnectWise platform. “After testing and validating several attack vectors,
by Naked Security writer These days, most of us have telephones that display the number that’s calling before we answer. This “feature” actually goes right back to the 1960s, and it’s known in North American English as Caller ID, although it doesn’t actually identify the caller, just the caller’s number. Elsewhere in the English-speaking world,
It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season Black Friday and Cyber Monday are just around the corner, and scammers are also turning up their efforts in order to cash in on unsuspecting victims
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based
The Bahamut APT group has been targeting Android users through a fake SecureVPN website since at least January 2022. According to a new advisory from Eset, the app used as part of this malicious campaign was a trojanized version of either of two legitimate VPN apps, SoftVPN or OpenVPN. In both instances, the apps were
by Paul Ducklin SPOTLIGHT ON CYBERTHREATS Security specialist John Shier tells you the “news you can really use” – how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although
The European Union Parliament adopted the Digital Operational Resilience Act (DORA) on November 10, 2022. Set to be enshrined into law at the end of 2022, DORA will introduce a comprehensive set of rules for financial organizations to strengthen their digital operational resilience and prevent and mitigate cyber threats. With this new regulation in mind,
by Paul Ducklin Over the past year, we’ve had the unfortunate need to warn our readers not once, but twice, about a scam we’ve dubbed CryptoRom, a portmanteau word formed from the terms “Cryptocurrency” and “Romance scam”. Simply put, these scammers use a variety of techniques, notably including prowling on dating sites, to meet people
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if
Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. IT security is often regarded as the “Department of No” and sometimes it’s easy to see why. In a world of escalating cyber-risk, expanding attack surfaces and a fast-growing cybercrime economy, security
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. “The underground market value of stolen logs and compromised card details is estimated around $5.8 million,” Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside
A Vietnam-based hacking operation dubbed “Ducktail” is targeting individuals and companies operating on Facebook’s Ads and Business platform. Security researchers at WithSecure discovered the campaign earlier this year and described new developments in an advisory published earlier today. “We don’t see any signs of Ducktail slowing down soon, but rather see them evolve rapidly in
- 1
- 2
- 3
- 4
- Next Page »