Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code
Month: May 2022
The US Department of Justice (DoJ) has announced it will no longer prosecute “good faith” hackers under the Computer Fraud and Abuse Act (CFAA). The historic policy shift was announced in a statement yesterday, which declared that white hat hackers will not be prosecuted for accessing a computer when done to improve cybersecurity. The DoJ defined good-faith
by Paul Ducklin Two of the big-news vulnerabilities in this month’s Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Even though they were so-called EoP holes rather than RCE bugs (elevation of privilege, instead of the more serious problem of remote code execution), they were neverthless
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks Sandworm, the APT group behind some of the world’s most disruptive cyberattacks, continues to update its arsenal for campaigns targeting Ukraine. The ESET research team has now spotted an updated version of the ArguePatch malware loader that was
Multiple versions of a WordPress plugin by the name of “School Management Pro” harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed
The devices employees use as they work from home could be the ones that put their companies at risk. With businesses continuing to support remote and hybrid workplaces, more employees are connecting more of their personal devices to corporate networks, yet these devices aren’t always well protected from malware, breaches, and theft—which can affect them
Pro-Russian hackers have targeted the websites of various Italian institutions and government ministries, law enforcement said on Friday. The attack, which began on Thursday evening and was still in progress as of Friday early afternoon, was reportedly confirmed by Italy’s Postal Police. The attack was launched at around 20:00 GMT on Thursday by the hacker
by Paul Ducklin Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast… …but we were right about how Mozilla would react in our latest podcast promotional video: Latest podcast 🎧 Listen now! Firefox & Pwn2Own, Apple and an 0-day… and the mathematics that defeated
When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto. When you hear the term ‘cryptocurrency’, does ‘secure’ also immediately spring to mind? In this edition of Week in security, Tony examines several implications of the lack
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been
There’s a digital counterpart for nearly everything we do, which means more of our personal information is online. And although this tends to make our lives easier, it opens the door for information to land in the wrong hands. Identity theft happens when someone uses your personal identifiable information (PII) for their own monetary or
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The directive relates to two new vulnerabilities – CVE-2022-22972 and CVE-2022-22973 – that CISA believes threat actors are likely to exploit across numerous VMware products. These are VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM),
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’22”] Fun Fact. What does the word “non-commensurate” mean? [01’41”] When is cracking passwords legal? [11’08”] Why did Firefox get patched? [15’20”] This Week in Tech. Which computer needed dropping onto the desk?
Cybercriminals continue to mine for opportunities in the crypto space – here’s what you should know about coin-mining hacks and crypto theft Wherever you look these days, cryptocurrencies are in the news. And it’s not just because of the recent slump in their prices. Everybody seems to have grabbed a slice of the crypto pie
Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team. “QNAP urges all NAS users to check
Molding and shaping our kids while we can is every parent’s dream. When kids are young – and sweet! – they are far more inclined to take on board our advice and lovingly imposed rules. Oh, how I miss those days!! And in a nutshell – that’s what a good set of parental controls can
Pharmacy retailer Dis-Chem recently announced that it had been hit by a data breach affecting the personal details of 3.6 million customers. In a statement, Dis-Chem said it was contracted with a third-party service provider and operator for certain managed services that developed a database for Dis-Chem. The database contained “certain categories of personal information
by Paul Ducklin The 2022 edition of the famous (or infamous, depending on your viewpoint) Pwn2Own competition kicks off later today in Vancouver, British Columbia. (Actually, it’s a so-called “hybrid” event this year, so that entrants who can’t or don’t want to travel, whether for coronavirus or environmental reasons, can participate remotely.) Numerous vendors have
In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real Every day brings a deluge of news content that competes for our attention and spans everything from politics, health, sports, climate change to the war in Ukraine. The endless amount and
Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on
Multinational company Omnicell recently confirmed that it had experienced a data breach after following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely
by Paul Ducklin Apple’s latest security updates have arrived. All still-supported flavours of macOS (Monterey, Big Sur and Catalina), as well as all current mobile devices (iPhones, iPads, Apple TVs and Apple Watches), get patches. Additionally, programmers using Apple’s Xcode development system get an update too. The details are below. All the details and bulletin
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. “Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its
US manufacturing company Parker-Hannifin Corporation has announced a data breach exposing employees’ personal identifiable information (PII) after Conti ransomware actors published reportedly stolen data last month. The firm, one of the largest companies in the world in motion control technologies, revealed in a press release that an unauthorized third party gained access to its IT
The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code Ransomware – the security scourge of the modern, digital world – just keeps getting more dangerous. We’re educating users about what to do, but it’s hard to stay ahead
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions
How protected am I online? Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise
A former banking IT security boss has been named as the co-chair of the government’s National Cyber Advisory Board, a key institution created as part of its new cybersecurity strategy. Sharon Barber was until recently chief resilience and security officer at Lloyds Banking Group, and will now lead efforts to shape a dialogue between society and
by Paul Ducklin Late last week, our Slackware Linux distro announced an update to follow the scheduled-and-expected Firefox 100 release, which came out at the start of the month. The new version is 100.0.1, and we’re running it happily… …but when we clicked on What’s new two days later, to see what was new, we
The European Parliament announced a “provisional agreement” aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called “NIS2” (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp sets ground rules,