US Postal Service Left 60 Million Users Data Exposed For Over a Year

The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website. The U.S.P.S. is an independent agency of the American federal government responsible for providing postal...

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing...

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers. Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit ki...

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 CVSS score: 7.8, the iss...

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significa...

Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions

Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed...

Download Ultimate 'Security for Management' Presentation Template

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or...

Chinese APT Espionage campaign, dubbed 'Icefog' targeted Military contractors and Governments

Kaspersky Lab has identified another Chinese APT campaign, dubbed ‘Icefog’, who targeted Governmental institutions, Military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media. The Hacking group behind the attack who carry out...

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps IRGC for their involvement in ransomware attacks at least since October 2020. The agency said...

Several Malware Families Targeting IIS Web Servers With Malicious Modules

A systematic analysis of attacks against Microsoft's Internet Information Services IIS servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight...

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency CISA has warned. To that end, the agency has added the shortcoming to its Known Exploited...

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as...

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by...

36-Year-Old SCP Clients' Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol SCP implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol SCP, also known as...

WPA3 Standard Officially Launches With New Wi-Fi Security Features

The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks. WPA, or Wi-Fi Protected Access, is a standard designed to...

Your Android Phone Can Get Hacked Just By Playing This Video

Are you using an Android device? Beware! You should be more careful while playing a video on your smartphone—downloaded anywhere from the Internet or received through email. That's because, a specially crafted innocuous-looking video file can compromise your Android smartphone—thanks to a critica...

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic...

Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool MSDT, even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited t...

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils previously LZMA Utils have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as...

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue...

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

China's internet regulator, the Ministry of Industry and Information Technology MIIT, has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the governmen...

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO...

How to Start a Career in Cybersecurity: All You Need to Know

Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals. Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of...

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the...

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack

It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one...

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

The digital security team at the U.K. National Health Service NHS has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on...

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication TIPC module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as...

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense DoD created a new certification process – the Cybersecurity Maturity Model Certificate CMMC – to ensure that all its vendors and contractors follow...

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt, Zoom is an efficient online video meeting...

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. February security update addresses flaws in Adobe...

Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

Two hackers have been sent to prison for their roles in hacking TalkTalk, one of the biggest UK-based telecommunications company, in 2015 and stealing personal information, banking, and credit card details belonging to more than 156,000 customers. Matthew Hanley, 23, and Connor Allsopp, 21, both...

GHOST glibc Vulnerability Affects WordPress and PHP applications

After the disclosure of extremely critical GHOST vulnerability in the GNU C library glibc — a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System CMS, could also be affected by the bug...

Exploit Packs updated with New Java Zero-Day vulnerability

A new Java 0-day vulnerability has been discovered, already wind in use by an exploit pack, taking advantage of a fresh zero-day vulnerability in Java and potentially letting hackers take over users’ machines. Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a...

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The...

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 CVSS score: 9.8, impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted...

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that...

Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw

The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing an...

New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

If you own an Apple device, you should immediately turn OFF FaceTime app for a few days. A jaw-dropping unpatched privacy bug has been uncovered in Apple's popular video and audio call app FaceTime that could let someone hear or see you before you even pick up your call. The bug is going viral on...

Google Removes 85 Adware Apps That Infect 9 Million Android Users

Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users. With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively...

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer IE Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google's Threat Analysis Grou...

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

Again bad news for consumers with Netgear routers: Netgear routers hit by another serious security vulnerability, but this time more than two dozens router models are affected. Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 models of Netgear...

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from...

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat APT group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest ...

Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypt...

Detecting the "Next" SolarWinds-Style Cyber Attack

The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, t...

Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump

Another Flash zero-day exploit has emerged from the hundreds of gigabytes of data recently leaked from Hacking Team, an Italian surveillance software company that is long been accused of selling spying software to governments and intelligence agencies. The critical zero-day vulnerability in Adobe...