The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832,
admin
German logistics provider Hellmann Worldwide Logistics has warned customers social engineering attacks could target them after being hit by a ransomware attack earlier this month. In an update on the incident, which forced the company to take its IT systems temporarily offline on December 9, Hellmann confirmed that the attackers extracted data. While it is still investigating what type
By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: ATR Team (Steve Povolny, Douglas McKee, Mark Bereza), Frederick House (FireEye) In this post we want to show how an endpoint solution with performant memory scanning capabilities can effectively detect active exploitation scenarios and complement
As we close out another year like no other, let’s look back at some of the most notable cybersecurity stories that shaped 2021 Unsurprisingly, 2021 has seen no shortage of notable cybersecurity moments, so much so that it’s no mean feat to whittle the long list down to just a few stories that rocked (not
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether
The state of New York has passed a law that makes it a crime to falsify information on a COVID-19 vaccination card. New York governor Kathy Hochul signed new legislation on Wednesday that makes falsifying information on a COVID-19 vaccination card a Class D felony comparable under the New York Penal Law to promoting a sexual performance
We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft. Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed “Blister” by researchers from Elastic Security, with
Russia has slapped American tech company Google with a record-breaking fine for failing to remove “banned content.” A Russian court issued the $100m financial penalty on Friday in response to Google’s alleged “systematic failure to remove banned content.” Although the financial penalty is the largest fine of its kind ever to be issued by a
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this
The prime minister of Albania has issued a public apology after the personal data of hundreds of thousands of Albanian citizens was allegedly leaked online. An Excel file containing what appears to be data relating to employees in the public and private sectors was found circulating on social media and has reportedly been broadly shared through messaging
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you know understand what’s at stake. Let’s start with an overview and a few examples of
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score:
by Paul Ducklin SFW! Here they are! The Top N cybersecurity stories of the year that are totally SFW, and entirely conducive to Happy Holidays! And by totally SFW, we don’t just mean Suitable For Work, but also Something For the Weekend – a double bonus if you’re on official duty over the holiday break and
A Russian cyber-criminal who hacked into three tech companies and stole more than 100 million user credentials will not have to pay restitution to his corporate victims. Yevgeniy Aleksandrovich Nikulin was found guilty in July 2020 of causing data breaches at LinkedIn, Dropbox, and the now defunct social media platform Automatic in 2012. Speaking during the closing
Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults. Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries. “These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning
by Paul Ducklin The picture you see above is not only a real Fisher-Price product, released in the second decade of the 21st century… …but is also officially NOT A TOY! Sure, it looks like a Chatter Phone toy, with an external appearance that adults of all ages will recognise, perhaps from having had one,
Threat actors have exploited a vulnerability in Log4j software to wage a cyber-attack on Belgium’s Defense Ministry. The attack began on December 16 and was confirmed by Belgium’s Ministry of Defense on Monday. Speaking to the AFP in Brussels on Tuesday, Belgian military spokesman Commander Olivier Séverin said that the incident had caused damage to services that were connected to the
Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability
Don’t leave your kids to their own devices – give them a head start with staying safe online instead The festive season is a time for giving, and what better present to give your children than ensuring that they can enjoy their new connected gadgets and stay safe along the way? As parents, we need
China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library. The development was reported by Reuters and South China
by Paul Ducklin This story isn’t quite as dramatic as if the Feds had managed to reverse tens of thousands of separate Bitcoin (BTC) transactions used in a global online scam to defraud tens of thousands of separate and vulnerable victims… …but it’s spectacular nevertheless, given that the stolen-but-recovered amount came to BTC 3,879.16, which
A United States court has sentenced a Russian national who admitted being involved in a conspiracy to launder money stolen from American victims of computer fraud. Maksim Boiko, also known as Maxim Boyko, and online as “gangass,” was one of 20 individuals indicted by the US in connection with the transnational criminal organization QQAAZZ. With members
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part
Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are “just the tip of the iceberg.” “The group tried to access some internal documents (such as
by Paul Ducklin Pick a random person, and ask them these two questions: Q1. Have you heard of Apache? Q2. If so, can you name an Apache product? We’re willing to wager that you will get one of two replies: A1. No. A2. (Not applicable.) A1. Yes. A2. Log4j. Two weeks ago, however, we’d suggest
Detectives investigating a hacking incident at a Florida college have charged a former nurse with possessing child sexual abuse material (CSAM). An investigation was launched in June 2021 when two IT accounts belonging to a program coordinator and an instructor at Polk State College were hacked. The employees were locked out of their labs and scheduling accounts,
The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to. And they sure have been busy. In fact, the U.S. Federal
- « Previous Page
- 1
- …
- 89
- 90
- 91
- 92
- 93
- …
- 114
- Next Page »