Cyber Security

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it’s working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as

Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special kind of password attack that can prove effective in compromising

A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed “Ficker Stealer,” it’s notable for being propagated via Trojanized web links and compromised

Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. “These people are beyond privacy and security. I really hope that

As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense. To address this demand, managed security services providers (MSSPs) and managed service providers (MSPs) continuously search for the right products that would

Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks. “We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google,” researchers Shir Tamari and

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the

A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019. FireEye’s Mandiant threat intelligence arm attributed the campaign to an operator it tracks as “UNC215”, a Chinese espionage operation that’s believed to have singled out organizations around the

A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed “FlyTrap,” the previously undocumented malware is believed to be part of a family of trojans that employ social

Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. “It turns out that these ‘randomly’ chosen numbers aren’t always as random as you’d like when

VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. Tracked as CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7), the flaws affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize

Koo, India’s homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo’s web application that allows malicious scripts

Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user’s device, resulting in the theft of sensitive information by just deploying a malicious e-book. “By sending Kindle users a single malicious e-book, a threat actor could have stolen

Apple on Thursday said it’s introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by Nozomi Networks, concern

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed “Prometheus” and

On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform’s capabilities. For example, few people talk about managing the security aspects

Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition. The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management

A systematic analysis of attacks against Microsoft’s Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. The findings were presented today by ESET malware researcher

An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called “Webdav-O” that was detected in the intrusions, with the cybersecurity firm observing similarities between

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what’s a “highly modular” .NET-based information stealer and keylogger, charting the course for the threat actor’s continued evolution while simultaneously remaining under the radar. Dubbed “Solarmarker,” the malware campaign is believed to be active since September 2020, with

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t participated in the growing and profitable MSSP market as it entailed massive investments in building

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. “The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers

The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced,

Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as “PwnedPiper” that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. “Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets,

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed “Vultur” due to its use of Virtual Network Computing (VNC)’s remote screen-sharing technology to gain full visibility on targeted users, the