Sat. Jul 16, 2022

Hackers pose as journalists to breach news media org’s networks

Bleeping Computer

Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors.

Media 138

CISA urges to fix multiple critical flaws in Juniper Networks products

Security Affairs

CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply security updates available for some products, including Junos Space, Contrail Networking and NorthStar Controller.

DNS 101


Elastix VoIP systems hacked in massive campaign to install PHP web shells

Bleeping Computer

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.

Hacking 98

Critical flaw in Netwrix Auditor application allows arbitrary code execution

Security Affairs

A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected devices. Netwrix Auditor is auditing software that allows organizations to monitor their IT infrastructure; it is currently used by more than 11000 organizations worldwide.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Amazon Handed Ring Videos to Cops Without Warrants

WIRED Threat Level

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

Scams 97

Security Affairs newsletter Round 374 by Pierluigi Paganini

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Critical flaw in Netwrix Auditor application allows arbitrary code execution CISA urges to fix multiple critical flaws in Juniper Networks products Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Tainted password-cracking software for industrial systems used to spread P2P Sality bot Experts warn of attacks on sites usi

More Trending

Threat actors exploit a flaw in Digium Phone Software to target VoIP servers

Security Affairs

Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant a web shell on VoIP servers.


BSidesSF 2022 – Sharon Goldberg’s ‘Avoiding Insidious Points Of Compromise In Infrastructure Access Systems’

Security Boulevard

Our sincere thanks to Security BSides San Francisco for publishing their outstanding conference videos on the organization's YouTube channel. Permalink. The post BSidesSF 2022 – Sharon Goldberg’s ‘Avoiding Insidious Points Of Compromise In Infrastructure Access Systems’ appeared first on Security Boulevard.


APT groups target journalists and media organizations since 2021

Security Affairs

Researchers from Proofpoint warn that various APT groups have been targeting journalists and media organizations since 2021. Proofpoint researchers warn that APT groups have been regularly targeting and posing as journalists and media organizations since early 2021. The media sector is a privileged target for this category of attackers due to the access its operators have to sensitive information that could be aligned with the interests of state actors.

Media 90

BSidesSF 2022 – Jeevan Singh’s ‘Redefining Threat Modeling: Security Team Goes On Vacation’

Security Boulevard

Our sincere thanks to Security BSides San Francisco for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesSF 2022 – Jeevan Singh’s ‘Redefining Threat Modeling: Security Team Goes On Vacation’ appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.