SharkBot – New Generation Malware on Google Play Distributed as Android Antivirus App

Malware distributors may have a harder time getting their malicious apps through Google’s automatic scanning and flagging system, but SharkBot shows that they can easily bypass the company’s security barriers and even human or manual verifications. Although the app was unpopular, its presence in Google Play Store shows that nobody but the distribution platform […]

Important vulnerability in CyberArk Identity security solution

Cybersecurity specialists report the detection of a critical vulnerability in CyberArk Identity, a trusted partner for many leading organizations that allows implementing defense measures against cyberattacks, enabling digital businesses and boosting the operational efficiency of an organization. According to the report, exploiting this vulnerability would allow threat actors to access sensitive information. Tracked as CVE-2022-22700, […]

3 XSS vulnerabilities in IBM Security QRadar SOAR: Update immediately

Cybersecurity specialists reported the detection of multiple vulnerabilities in IBM Security QRadar SOAR. According to the report, successful exploitation of these flaws would allow the deployment of severe attack scenarios. Below are brief descriptions of the reported flaws, in addition to their tracking keys and scorings assigned according to the Common Vulnerability Scoring System (CVSS). […]

RagnarLocker ransomware encrypts the information of 52 critical infrastructure agencies in the US

RagnarLocker is a ransomware operation that was first detected in 2020 and has remained active despite constant changes and measures implemented by governments around the world against such groups. Since the beginning of 2022, the Federal Bureau of Investigation (FBI) has identified at least 52 ransomware-infected organizations in 10 critical infrastructure sectors, including manufacturing, financial services, energy, […]

MercadoLibre, the biggest e-commerce company in Latin America, was hacked. Attackers leak source code and customer data

MercadoLibre, one of the most important e-commerce companies in Latin America, confirmed unauthorized access to a part of its source code, in addition to confirming that the attackers managed to access the personal records of some 300,000 users. The company has not confirmed that its IT infrastructure was affected during the incident. The Argentine firm […]

Similarities and Difference Between Ransomware and DDoS Extortion Attacks

Cybercriminals leverage multiple methods to bring financial gain. Most of the ways are based on infiltrating an organization’s network and gaining unauthenticated access, which will lead to disruption in their operations. This can be achieved by ransomware or DDoS extortion attacks. Ransomware and DDoS extortion attacks are both threats businesses should take seriously. Here are […]

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine. Google’s Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group Fancy Bear (aka APT28) – which is attributed […]

The Continuing Threat of Unpatched Security Vulnerabilities

Unpatched software is computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the code, known as “patches,” when they come to know about these application vulnerabilities to secure these […]

Severe vulnerability in Linux kernel allows hackers to escape from a container to execute arbitrary commands on the affected host. CVSS 7.0/10

Cybersecurity specialists report the detection of a severe vulnerability in the Linux kernel whose exploitation would allow threat actors to escape from a container to execute arbitrary commands. The flaw was tracked as CVE-2022-0492 and received a score of 7/10 according to the Common Vulnerability Scoring System (CVSS). The flaw was described as a privilege […]

Massive cyberattack on European satellites shuts down Internet across Europe

Thousands of people in France experienced difficulties accessing the Internet due to what appears to be a cyberattack deployed by the Russian government over the past few days. Around 9,000 users of a satellite Internet service provided by Nordnet were affected by this incident, which would have started at the end of February. Separately, Eutelsat […]

Ransom DDoS Attack that Reached a Rate of 2.5 Million Requests per Second

Security firm Imperva recently claimed that it has managed to foil a massive ransom distributed denial-of-service (DDoS) cyberattack that peaked at 2.5 million requests per second (on a single server), keeping some unnamed site up and running by reducing the RPS by 99%. Ransom DDoS attacks have been around for a long […]

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). “While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase,” Nelli Klepfish, security analyst […]

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” the agency said […]

How Fidelity Bank employees stole millions from customer accounts?

Nigerian authorities are still working on the case of the four employees accused of committing electronic fraud against Fidelity Bank to the tune of more than 870 million Naira. According to the report, the testimony of a new witness will be instrumental in convicting Olusegun Babasola, Abisola Ahmed, Uchechukwu Uma and Jude Alphaeus. The defendants […]

Critical code injection vulnerabilities in VMware Spring Cloud Gateway

Cybersecurity specialists report the detection of two vulnerabilities in VMware Spring Cloud Gateway, a library for creating API gateways over Spring and Java for a flexible way to route requests based on a number of criteria. According to the report, the exploitation of these flaws could lead to dangerous hacking scenarios. Below are brief descriptions […]

Anyone can bypass the Google and AWS Web Application Firewall (WAF) with an 8 KB POST request

Most web applications today must be protected against multiple hacking variants, such as remote code execution (RCE), SQL injections, cross-site scripting (XSS) attacks, and other common security issues. The so-called web application firewalls (WAF) are the most common security solutions, and among these, Google Cloud Armor has become a recurring choice among Google Cloud Load […]

Critical Flaws With Cisco Expressway Series and TelePresence VCS Let Attackers Execute Arbitrary Code

Cisco recently released a patch for a new generation of exploits that target some of its recently shipped products (Expressway Series and Cisco TelePresence Video Communication Server (VCS)). This security flaw leaves these devices susceptible to attacks, leaving them open to widespread vulnerabilities that Cisco promptly addressed by releasing the patch. On successful exploitation of […]