The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST in July 2022 for post-quantum cryptography has been broken. Researchers from the KTH Royal Institute of Technology, Stockholm, Sweden, used recursive training AI combined with side channel attacks. A side-channel attack exploits measurable information obtained from a device running the target … [Read more...]
HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance
The operators of a fairly new ransomware operation named HardBit are prepared to negotiate the ransom amount with their victims based on their cyberinsurance policy. The HardBit ransomware emerged in October 2022, with version 2.0 launched in late November. In a blog post published on Monday, data security company Varonis reported seeing samples of the malware throughout the rest of 2022 and … [Read more...]
Scrut Automation Raises $7.5 Million for GRC Platform
India-based Scrut Automation has announced raising $7.5 million in a new funding round that will help the company improve its governance, risk and compliance (GRC) automation platform and expand its presence in the United States. The latest funding round, which brings the total raised by Scrut Automation to more than $10 million, was led by MassMutual Ventures, with participation from … [Read more...]
Twitter Shuts Off Text-Based 2FA for Non-Subscribers
Elon Musk’s Twitter started a security ruckus over the weekend with the sudden decision to turn off text message/SMS method of two-factor authentication (2FA) for anyone not subscribed to its paid Twitter Blue service. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow … [Read more...]
Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks
Coinbase, one of the world’s largest cryptocurrency exchanges, was recently targeted in a sophisticated cyberattack that appears to have been conducted by the same threat group that targeted Twilio, Cloudflare and many others last year. Coinbase revealed on Friday that its employees were targeted in an SMS phishing campaign on Sunday, February 5. The targeted workers received text messages … [Read more...]
New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits
With the launch of its latest flagship Galaxy smartphones, Samsung has introduced a new sandbox feature named Message Guard that is designed to protect devices against zero-click exploits. It’s not uncommon for sophisticated threat actors to target users with exploits that can be triggered without any interaction from the victim. As an example, Samsung described a scenario where a hacker … [Read more...]
Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb
Fortinet released 40 security advisories last week to inform customers about the availability of patches for dozens of vulnerabilities, including critical flaws affecting the FortiNAC and FortiWeb products. Two of the advisories have a ‘critical’ severity rating and 15 of them have been classified as having ‘high’ severity. One of the critical advisories describes CVE-2021-42756, a CVE … [Read more...]
Cybersecurity M&A Roundup for February 1-15, 2023
Seventeen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of February 2023. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. Accenture acquires Morphus Professional services giant Accenture has acquired Brazil-based cybersecurity firm Morphus, which provides … [Read more...]
GoDaddy Says Recent Hack Part of Multi-Year Campaign
GoDaddy has disclosed another cybersecurity incident and the company believes the attack was part of a multi-year campaign conducted by a sophisticated threat actor. In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected. An analysis showed the redirects occurring … [Read more...]
Spain Orders Extradition of British Alleged Hacker to U.S.
Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement Friday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes … [Read more...]
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks
Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection. The impacted … [Read more...]
‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor
A recently identified malware family is abusing Microsoft Internet Information Services (IIS) to deploy a backdoor and monitor all HTTP traffic to the infected system, Symantec reports. Dubbed Frebniis, the malware injects code into a DLL that an IIS feature called Failed Request Event Buffering (FREB) uses when troubleshooting failed requests. FREB collects data about the tracked requests, … [Read more...]
Security Experts Warn of Foreign Cyber Threat to 2024 Voting
Top state election and cybersecurity officials on Thursday warned about threats posed by Russia and other foreign adversaries ahead of the 2024 elections, noting that America’s decentralized system of thousands of local voting jurisdictions creates a particular vulnerability. Russia and Iran have meddled in previous elections, including attempts to tap into internet-connected electronic voter … [Read more...]
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities
SolarWinds this week published multiple advisories describing high-severity vulnerabilities expected to be patched with a SolarWinds Platform update by the end of February. Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8. Tracked as CVE-2023-23836, … [Read more...]
EU Organizations Warned of Chinese APT Attacks
The European Union Agency for Cybersecurity (ENISA) and CERT-EU are warning of multiple Chinese advanced persistent threat (APT) actors targeting businesses and government organizations in the EU. The observed malicious activity, the agencies say in a joint advisory (PDF), can be attributed to several known Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, Gallium, and Mustang … [Read more...]
Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023
White hat hackers received a total of $180,000 at the Pwn2Own Miami 2023 hacking contest this week for exploits targeting widely used industrial control system (ICS) products. At the ICS edition of Pwn2Own, hackers have been invited to demonstrate exploits against OPC UA, data gateway and edge products made by Aveva, Inductive Automation, ProSys, PTC, Softing Industrial Automation, Triangle … [Read more...]
Data Security Startup CommandK Raises $3 Million in Seed Funding
Early-stage cybersecurity startup CommandK has raised $3 million in seed funding for a solution designed to help organizations protect their sensitive data. The investment round was led by Lightspeed and received additional participation from various angel investors. Founded in 2022, the San Francisco, California-based company provides organizations with an all-in-one sensitive data manager … [Read more...]
Atlassian Investigating Security Breach After Hackers Leak Data
Enterprise software giant Atlassian has launched an investigation after a hacker group leaked information belonging to the company. A threat actor named SiegedSec, whose members have claimed to be hacktivists, announced on its Telegram channel and hacking forums that it “hacked the software company Atlassian”. They made 35 Mb of files public. This includes two image files apparently … [Read more...]
How Ukraine War Has Shaped US Planning for a China Conflict
As the war rages on in Ukraine, the United States is doing more than supporting an ally. It’s learning lessons — with an eye toward a possible future clash with China. No one knows what the next U.S. major military conflict will be or whether the U.S. will send troops — as it did in Afghanistan and Iraq — or provide vast amounts of aid and expertise, as it has done with Ukraine. But China remains … [Read more...]
Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report
Published XIoT vulnerabilities are trending down and have been since 2021. At the same time, the percentage of vulnerabilities published by the device manufacturer rather than third-party researchers is trending up. The clear implication is device manufacturers are taking greater responsibility for the security of their own devices. The reason is probably twofold: government pressure and … [Read more...]
- « Previous Page
- 1
- …
- 139
- 140
- 141
- 142
- 143
- …
- 146
- Next Page »