To Customer Support To Customer Support

Events
Leaderboard
Customer Support

📊 2023 OpenText Cybersecurity Threat Report: Share, Discuss, and Win!

21 hours ago

Home
Community overview
Welcome

Welcome

News, Announcements, Tech Discussions

40690 Topics

Recently active

Most replies Most views Newest first

Jasper_The_RasperModerator

posted in Security Industry News

Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Doc ID:ERP-74842First Published: 2023 March 22 16:00 GMTVersion: 1.0 Summary Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on March 22, 2023. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. The March 22, 2023, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 10 Cisco Security Advisories that describe 10 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities. Details The following table identifies Cisco Security content that is associated with this bundled publication: Cisco Security Advisory CVE ID Security Impact Rating CVSS Base Score Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability CVE-2023-20

6 days ago

Jasper_The_RasperModerator

posted in Security Industry News

New CISA tool detects hacking activity in Microsoft cloud services

March 23, 2023 By Sergiu Gatlan The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments."Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer's Azure Active Directory (AzureAD), Azure, and M365 environments," CISA says. >> Full Article <<

6 days ago

Jasper_The_RasperModerator

posted in Security Industry News

A look at a Magecart skimmer using the Hunter obfuscator

March 21, 2023 By Jérôme Segura Threat actors are notorious for trying to hide their code in various ways, from binary packers to obfuscators. On their own, these tools are not always malicious as they can also be be used by companies or individuals who wish to keep their work safe from piracy, but they tend to be largely abused.In the case of credit card skimmers used in client-side attacks, obfuscators are a common occurrence as they can make code identification more difficult. Defenders typically have the choice to either use the browser's debugger and step through the code, or can statically try to reverse it. The latter tends to be quite time consuming, but the former is often problematic if the threat actor added some anti-debugging routines.Today we look at a Magecart skimmer that uses Hunter, a PHP Javascript obfuscator. During our investigation, we were able to discover a number of domains all part of the same infrastructure with custom skimmers for several Magento store. &gt

6 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Journalist plugs in unknown USB drive mailed to him—it exploded in his face

Explosives replace malware as the scariest thing a USB stick may hide.SCHARON HARDING - 3/22/2023 It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos.As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Chrome 111 Update Patches High-Severity Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers. March 22, 2023 By Ionut Arghire Google this week announced a Chrome 111 update that brings patches for eight vulnerabilities, including seven flaws that were reported by external researchers.All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities, a type of bug that could lead to arbitrary code execution, data corruption, or denial of service.Based on the bug bounty reward handed out ($10,000), the most important of these vulnerabilities is CVE-2023-1528, a use-after-free flaw in Chrome’s Passwords component. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

New Android Banking Trojan 'Nexus' Promoted As MaaS

March 22, 2023 By Alessandro Mascellino A new Android banking Trojan has been discovered in several malicious campaigns worldwide. Dubbed ‘Nexus’ by Cleafy security researchers, the tool is promoted as part of a Malware-as-a-Service (MaaS) subscription and provides features to perform account takeover (ATO) attacks.“In January 2023, a new Android banking Trojan appeared on multiple hacking forums under the name of Nexus,” wrote the company in an advisory published on Tuesday. “However, [we] traced the first Nexus infections way before the public announcement in June 2022.” >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Windows 11 also vulnerable to “aCropalypse” image data leakage

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

North Korean hackers using Chrome extensions to steal Gmail emails

March 22, 2023 By Bill Toulas A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails.Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. Initially focused on targets in South Korea, the threat actors expanded operations over time to target entities in the USA and Europe.The joint security advisory was released to warn of two attack methods used by the hacking group — a malicious Chrome extension and Android applications.While the current campaign targets people in South Korea, the techniques used by Kimsuky can be applied globally, so raising awareness is vital. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says. March 22, 2023 By Jai Vijayan An analysis of data associated with zero-day attacks in 2022 suggests that threat actors are increasingly probing for security weaknesses in edge-infrastructure technologies, including VPNs, firewalls, and IT management products.Researchers from Mandiant tracked a total of 55 zero-day vulnerabilities that adversaries exploited in various malicious campaigns last year and found that 10 of them involved an Internet-facing edge device.Among them were CVE-2022-1040 and CVE-2022-3236 in Sophos firewalls, CVE-2022-20821 in Cisco IOS, CVE-2022-42474 and CVE-2022-41226 in Fortinet's FortiOS, CVE-2022-288810 in Zoho ManageEngine, and CVE-2022-35247 in SolarWinds Serv-u. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Experts released PoC exploits for severe flaws in Netgear Orbi routers

March 22, 2023 By Pierluigi Paganini Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites.Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to create a seamless Wi-Fi network that can cover a large area with consistent, high-speed Wi-Fi. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Facebook accounts hijacked by new malicious ChatGPT Chrome extension

March 22, 2023 By Bill Toulas A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.The extension is a copy of the legitimate popular add-on for Chrome named "ChatGPT for Google" that offers ChatGPT integration on search results. However, this malicious version includes additional code that attempts to steal Facebook session cookies.The publisher of the extension uploaded it to the Chrome Web Store on February 14, 2023, but only started promoting it using Google Search advertisements on March 14, 2023. Since then, it has had an average of a thousand installations per day. >> Full Article <<

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software. March 22, 2023 By Eduard Kovacs Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a ‘massive amount’ of industrial control system (ICS) data. Talos researchers discovered that the historian is impacted by two flaws. One of them, tracked as CVE-2022-45124, can allow an attacker who can intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system. >> Full Article <<

7 days ago

TylerMSr. Security Analyst & Community Manager

published in Cybersecurity Standpoint

Artificial intelligence and machine learning in cybersecurityBlog

Artificial intelligence (AI) and machine learning (ML) are going to revolutionize the field of cybersecurity. These technologies can be used to improve the detection and prevention of cyber threats, making it easier for organizations to protect their networks and data. However, as with any new technology, there are also potential risks and challenges that must be considered.One of the biggest benefits of AI and ML in cybersecurity is their ability to automatically detect and respond to cyber threats. These technologies can be used to analyze large amounts of data, such as network traffic logs and characteristics of files to identify patterns and anomalies that may indicate a cyber attack or malicious nature. They can also be used to automatically respond to threats, such as by shutting down a compromised system or blocking a malicious IP address. Additionally, the benefits of AI and ML in cybersecurity is their ability to improve the efficiency and effectiveness of incident response. T

44918

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Ferrari confirms data breach after receiving a ransom demand from an unnamed extortion group

March 21, 2023 By Pierluigi Paganini Ferrari disclosed a data breach after receiving a ransom demand from an unnamed extortion group that gained access to some of its IT systems.Ferrari disclosed a data breach after it received a ransom demand from an unnamed extortion group that breached its IT systems. The threat actor claims to have stolen certain client details. The company immediately launched an investigation into the incident with the support of a third-party cybersecurity firm and informed relevant authorities. “Ferrari N.V. (NYSE/EXM: RACE) (“Ferrari”) announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details.” reads the noticed published by the luxury car maker. “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and ar

7 days ago

Jasper_The_RasperModerator

posted in Security Industry News

PayPal Phishing Scam Uses Invoices Sent Via PayPal

August 18, 2022 By Brian Krebs Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.KrebsOnSecurity recently heard from a reader who received an email from paypal.com that he immediately suspected was phony. The message’s subject read, “Billing Department of PayPal updated your invoice.” A copy of the phishing message included in the PayPal.com invoice. >> Full Article <<

8 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images

March 20, 2023 By Pierluigi Paganini The Acropalypse flaw in the Markup tool of Google Pixel allowed the partial recovery of edited or redacted screenshots and images.Security researchers Simon Aarons and David Buchanan have discovered a vulnerability, named ‘Acropalypse,’ in the Markup tool of Google Pixel. The Markup tool is a built-in Markup utility, released with Android 9 Pie that allows Google Pixel users to edit (crop, add text, draw, and highlight) screenshots.The vulnerability allowed the partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. >> Full Article <<

8 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Breached hacking forum shuts down, fears it's not 'safe' from FBI

March 21, 2023 By Bill Toulas The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site's servers.Breached was a popular hacking and data leak forum notorious for hosting, leaking, and selling data obtained from breached companies, governments, and various organizations. It was a community that attracted people from all realms of cybercrime, including ransomware gangs, data extortionists, security researchers, and those simply interested in the darker side of cybersecurity.The site, and its members, have been responsible for a wide range of breaches, extortion attempts, and ransomware attacks, leaking the data for many high-profile attacks. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many more. >> Full Article <<

8 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Custom 'Naplistener' Malware a Nightmare for Network-Based Detection

Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion. March 21, 2023 By Elizabeth Montalbano A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments. But Naplistener — along with other new types of malware used by the group —appear "designed to evade network-based forms of detection," says Jake King, Elastic Security's director of engineering.So, don't sleep on that defense-in-depth strategy. >> Full Article <<

8 days ago

Jasper_The_RasperModerator

posted in Security Industry News

NEW THREAT ACTOR HITS UKRAINIAN AGENCIES

March 21, 2023 By Dennis Fisher The number of APT groups targeting organizations in Ukraine as part of the war with Russia continues to grow, as researchers have identified a new threat actor that has compromised agricultural, government, and transportation organizations in the country with a previously unseen attack framework and backdoor known as PowerMagic.The group, which researchers at Kaspersky discovered and is as-yet unnamed, likely uses spear phishing as its initial access vector, luring victims to an attacker-controlled URL that directs them to a ZIP archive. That archive contains an LNK file and a PDF decoy document that in some cases is named in a similar way to the LNK file to add legitimacy. If the victim opens the LNK file, it will download and execute an MSI file hosted on a remote server. That eventually leads to the installation of the PowerMagic backdoor, which is written in PowerShell and uses OneDrive and Dropbox folders to transport files. >> Full Article &l

8 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Why You Should Opt Out of Sharing Data With Your Mobile Provider

March 20, 2023 By Brian Krebs A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T said the data exposed did not include sensitive information, such as credit card or Social Security numbers, or account passwords, but was limited to “Customer Proprietary Network Information” (CPNI), such as the number of lines on an account. >> Full Article <<

9 days ago

Jasper_The_RasperModerator

posted in Security Industry News

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

March 20, 2023 By Pierluigi Paganini Threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer.Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer.Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone. This latter process consists of generating an email that is sent to the intended recipients. The message includes a link to the document that that will be hosted on Adobe itself. The experts pointed out that the users can also add a text to the email, this option can be abused by the attackers. >> Full Article <<

9 days ago

1
2
3
4
5
6
...
1628

Page 3 / 1628

Badges

jhartnerd123has earned the badge Most Wanted
ConnorMhas earned the badge Broadcast Boss
ConnorMhas earned the badge Hot Topic Hero
ConnorMhas earned the badge News: Posted 50 topics!
TylerMhas earned the badge News: Posted 100 comments!

Show all badges

Join the Conversation

Tweets by Webroot

Terms & Conditions

Sign up

Already have an account? Login

Username *

E-mail address *

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

Customer Support
Webroot.com
Blog
Status Page
Community Guidelines
Legal
Privacy
Cookie Preferences

We have recently updated our Privacy Policies. We encourage you to read the full terms here.