Wed.Jun 14, 2023

Chinese hackers use DNS-over-HTTPS for Linux malware communication

Bleeping Computer

The Chinese threat group 'ChamelGang' infects Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers.

Learnings from kCTF VRP's 42 Linux kernel exploits submissions

Google Security

Tamás Koczka, Security Engineer. In 2020, we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evaluating the security of Google Kubernetes Engine (GKE) and the underlying Linux kernel. As the Linux kernel is a key component not just for Google but for the Internet, we started heavily investing in this area. We extended the VRP's scope and maximum reward in 2021 (to $50k), then again in February 2022 (to $91k), and finally in August 2022 (to $133k).

Fake zero-day PoC exploits on GitHub push Windows, Linux malware

Bleeping Computer

Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware.

Cyber liability insurance vs. data breach insurance: What's the difference?

CSO Magazine

With an ever-increasing number of cybersecurity threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation, which is no surprise given that the average cost of a data breach in the US has risen to $9.44 million — more than twice the global average of $4.35 million.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default

Bleeping Computer

Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Hacker News

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.

Your Personal Data Sold to US Intelligence Agencies

Security Boulevard

What Price 4th Amendment? Warrant not needed if info bought from brokers. The post Your Personal Data Sold to US Intelligence Agencies appeared first on Security Boulevard.

Crypto trading firm freezes accounts due to a Cyber Attack

CyberSecurity Insiders

Since June 11th, 2023, Floating Point Group (FPG) has been hit by a devastating cyber attack, leading to the suspension of all trading, deposits, and withdrawals. This incident has sparked panic among FPG’s user base, who are eagerly awaiting information on when normal trading practices will resume. While the company has not provided a specific timeline, it has reassured users that its IT staff are working tirelessly to mitigate the risks associated with the attack.

Safe summer travel: Your essential cybersecurity checklist

Security Boulevard

Hello, fellow travelers! As we prepare for the summer travel season, it's crucial to remember that cybersecurity is just as important as packing your suitcase. As a cybersecurity expert with Avast, I've been asked to compile a comprehensive checklist to help you stay cyber-safe while you're out exploring the world. The post Safe summer travel: Your essential cybersecurity checklist appeared first on Security Boulevard.

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

CSO Magazine

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. "In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations were targeted by BEC attacks," researchers from cybersecurity firm Sygnia said in their report.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

The Hacker News

At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange.

New ‘Shampoo’ Chromeloader malware pushed via fake warez sites

Bleeping Computer

A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo.

Cryptocurrency Attacks Quadrupled as Cybercriminals Cash In

Dark Reading

Attackers continue to attempt to steal Bitcoin and other virtual coins, with a 40% increase in phishing attacks and fourfold increase in incidents.

Focusing On Productivity Helps Reduce Insider Risk

Security Boulevard

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate, 58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often, people work off-network and on personal devices and they keep. The post Focusing On Productivity Helps Reduce Insider Risk appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Windows 11 KB5027231 update breaks Google Chrome for Malwarebytes users

Bleeping Computer

Malwarebytes confirmed today that the Windows 11 22H2 KB5027231 cumulative update released this Patch Tuesday breaks Google Chrome on its customers' systems.

The Harmonization Effect: Transforming Your Cybersecurity Program to Transform Your Company

Security Boulevard

To establish a robust cyber program, companies must navigate the complexities of ever-changing cybersecurity frameworks and ensure scalability over time, but mapping frameworks is a notoriously difficult task – especially when more than one is in play. The problem is that compliance quickly becomes a lengthy process filled with Excel sheets, constant double-checking, work duplication, and large time and work commitments.

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

The Hacker News

Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks.

AWS Expands Cloud Security Services Portfolio

Security Boulevard

Amazon Web Services (AWS) this week added a bevy of offerings and capabilities to its cloud security portfolio as part of an ongoing effort to automate the management of cloud security. Announced at the AWS re:Inforce conference, these extensions to the AWS cloud security portfolio include an AWS Security Lake that is now generally available. The post AWS Expands Cloud Security Services Portfolio appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

The Hacker News

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023.

How to Secure Your CI/CD Pipelines with GitGuardian Honeytokens

Security Boulevard

Discover how honeytokens, digital decoys designed to detect unauthorized access, can strengthen the security of your CI/CD pipelines. In this guide, we offer step-by-step instructions for integrating them into popular pipelines like Jenkins, GitLab, and AWS CodePipeline. The post How to Secure Your CI/CD Pipelines with GitGuardian Honeytokens appeared first on Security Boulevard.

Illinois Hospital Closure Showcases Ransomware's Existential Threat

Dark Reading

St. Margaret's Health is shutting down due to a 2021 ransomware attack and other factors. It's an object lesson for how small and rural healthcare facilities face grave cyber-risk when extortionists come calling.

Assessing Third-Party InfoSec Risk Management

Security Boulevard

Companies across multiple industries are outsourcing many of their operations to reduce costs, increase scalability and streamline operations. Information security (InfoSec) risk management with third parties, including outsourcing, requires persistence and consistency due to the primary business risk it presents. Third-party managers need to have insights into a variety of areas of information security, including.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Critical flaw found in WooCommerce Stripe Gateway Plugin used by +900K sites

Security Affairs

Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked as CVE-2023-34000. The Stripe plugin extends WooCommerce allowing administrators of the e-commerce sites to take payments directly on their store via Stripe’s API.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

The Hacker News

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderate, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser.

China-linked APT UNC3886 used VMware ESXi Zero-Day

Security Affairs

A China-linked APT group tracked as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability. Mandiant researchers observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a VMware ESXi zero-day vulnerability tracked as CVE-2023-20867. “VMware Tools contains an Authentication Bypass vulnerability in the vgauth module,” reads the advisory published by VMware. “A fully compromised ESXi host can force VMware Tools to fail to authenticate host-t

Smashing Security podcast #326: Right Royal security threats and MOVEit mayhem

Graham Cluley

There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Clop Leaks: First Wave of Victims Named

Digital Shadows

On June 14, 2023, Clop named its first batch of victims. The ReliaQuest Threat Research Team continues to monitor the site for more updates.

Fake Security Researchers Deliver Malicious Zero-Day Exploits

Heimdal Security

Cybercriminals use fake accounts on Twitter and GitHub to spread fake proof-of-concept (PoC) exploits for zero-day vulnerabilities. They impersonate cybersecurity researchers to push malware onto Windows and Linux systems. How the Scam Works: These impersonators pretend to work at a fake cybersec company, named “High Sierra Cyber Security”, or even at well-known organizations.

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

CSO Magazine

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. "The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware," researchers from security firm VulnC

LockBit Ransomware Extorts $91 Million from U.S. Companies

The Hacker News

The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That's according to a joint bulletin published by the U.S.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.