Port 22

How GDPR Is Failing
May 23, 2022

The world-leading data law changed how companies work. But four years on, theres a lag on cleaning up Big Tech.

ISaPWN research on the security of ISaGRAF Runtime
May 23, 2022

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified.

Yes, Containers Are Terrific, But Watch the Security Risks
May 23, 2022

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that dont mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture and what

Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns
May 23, 2022

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. “Fronton is a system developed for coordinated inauthentic behavior on a massive scale,” threat intelligence firm Nisos said in areportpublished last week. “This system includes a web-based dashboard known as SANA that enables a user

PayPal Pays a Hacker $200,000 for Discovering 'One-Click-Hack' Vulnerability
May 23, 2022

A security researcher disclosed details of a clickjacking attack demonstrated against PayPal that could be exploited to steal victims’ account balances in a single click. Clickjacking, also calledUI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons with the goal of downloading malware, redirecting to malicious

Researchers Find Backdoor in School Management Plugin for WordPress
May 20, 2022

Multiple versions of a WordPress plugin by the name of “School Management Pro” harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifierCVE-2022-1609and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version 8.9, enables “an

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
May 20, 2022

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. “A successful exploit could allow

University of Toronto Magazine: The Extremism Machine
May 20, 2022

The Capitol uprising of January 6, 2021 led to intensified discussions regarding the rise of disinformation. John Scott-Railton, Ron Deibert, and Gabrielle Lim comment on the Citizen Labs mission to track technological threats against civil society.

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
May 20, 2022

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, isknownto have beenactivesince at least 2014. “XorDdos’ modular

Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits
May 20, 2022

Google’s Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. “The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines
May 20, 2022

A case of software supply chain attack has been observed in the Rust programming language’scrate registrythat leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack “CrateDepression.” Typosquatting attackstake placewhen an adversary mimics the name of a popular package on a public registry in hopes that developers

Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor
May 20, 2022

The North Korea-backed Lazarus Group has been observed leveraging theLog4Shell vulnerabilityin VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. “The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch,” AhnLab Security Emergency Response Center (ASEC)saidin a

Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware
May 19, 2022

Fraudulent domains masquerading as Microsoft’s Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. “The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint,” Zscalersaidin a report. “These variants of Vidar malware

QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks
May 19, 2022

Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team. “QNAP urges all NAS users to check and update QTS to the latest version as

Pro-Russian Information Operations Escalate in Ukraine War
May 19, 2022

In the three months since the war started, Russian operatives and those allied with the nation’s interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

6 Scary Tactics Used in Mobile App Attacks
May 19, 2022

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.


May 19, 2022

autosuggestion


May 19, 2022

autosuggestion

Page 1 of 104 Older Posts →