37 matches found
ROS-20250616-11
A vulnerability in the Moodle virtual learning environment is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. information Vulnerability of moodle virtual learning environment is...
New Best Practices Guide for Securing AI Data Released
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...
ROS-20250307-14
Moodle virtual learning environment vulnerability is related to access control weaknesses. Exploitation The vulnerability could allow a remote attacker to gain unauthorized access to the protected information. protected information A vulnerability in the Moodle virtual learning environment is...
ROS-20240723-05
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to an insecure privilege management vulnerability. insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges A vulnerability in the...
ROS-20230919-02
Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...
Highly Sophisticated SCARLETEEL Cloud Attack That Stole Proprietary Data
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The SCARLETEEL attack was a highly sophisticated cloud operation that involved the theft of proprietary data by exploiting a compromised Kubernetes container,...
The Gig Economy Creates Novel Data-Security Risks
As businesses strive to move faster and faster, many are adopting a “just-in-time” strategy of spinning up human resources on demand – a phenomenon known as the gig economy, familiar to most via Uber, Instacart or DoorDash. But it’s a concept that enterprises are embracing too – inadvertently...
Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press
When you’re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions—more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a...
What Do High-Level Deep Fakes Mean For Cybersecurity?
Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. You’ve heard the term “fake news” bantered about a lot the las...
Bring your own security (BYOS): good idea or not?
We've talked about the concept of Bring Your Own Device, or BYOD, on the blog before. BYOD is a popular policy whereby employees can bring personally-owned devices, such as laptops, tablets, or smartphones, to work and use them to access data and applications. It helps to cut costs and can increa...
Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight
Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that...
Do you think web passwords are the weakest link in security? Indeed they are.
Between 500K and 500M sets of credentials have been compromised over the recent years, according to various sources. Just last week, a compromise of an educational service Edmondo has been reported to expose as many as 78M user accounts. At the same time, individual users are exposed to so many...
Toyota Employee Allegedly Hacked, Stole Confidential Information
Investigation is now underway into whether a computer programmer allegedly stole proprietary information from the automaker Toyota and “sabotaged” the company’s supplier computer network after being terminated last week. According to a complaint filed late last week .PDF in the U.S. District Cour...
Key Employees' Friends Were Facebook Targets in Aurora Attacks
A significant discovery in the recent Aurora attack that affected Google, Adobe, Yahoo and others is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were. The hackers compromised the social network accounts of those friends...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...