Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an...
BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage...
Microsoft Patch Tuesday: 84 new vulnerabilities
The disclosure includes one vulnerability that has been exploited and one that has been publicly disclosed.
It’s Patch Tuesday and still no fix for ProxyNotShell Microsoft Exchange holes
And for bonus points, there's a Windows flaw under active exploit. Patch Tuesday: Microsoft fixed more than 80 security flaws in its products...
The 2020-2022 ATM/PoS malware landscape
Attacks using ATM or PoS malware are on the rise again in 2022 after the COVID-19 lockdowns. The post The 2020-2022 ATM/PoS malware landscape appeared first on TechRepublic.
Cyber Security Today, Oct. 10, 2022 – Warnings to Zimbra and Fortinet administrators, lessons from the hack of a US defence contractor and more
Warnings to Zimbra and Fortinet administrators, lessons from the hack of a US defence contractor and more. Welcome to Cyber Security Today. It’s Monday, October 10th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. This is the...
Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws
Microsoft on Tuesday released software fixes to address more than 90 security defects affecting products in the Windows ecosystem and warned...
Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce
Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs to take complete control of vulnerable machines.
Automotive Security Threats Are More Critical Than Ever
We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast on our phone through our car’s speakers.
Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns
Intel has confirmed that some of its UEFI source code has been leaked, and while some security experts believe the incident could have serious implications the chipmaker says it’s not concerned.
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code...
Toyota Discloses Data Breach Impacting Source Code, Customer Email Addresses
Japanese car manufacturer Toyota has disclosed a security incident that involved source code hosted on GitHub and which may have resulted in unauthorized access to roughly 300,000 customer email addresses.
Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack
Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack.
Fortinet warns of critical flaw in its security appliance OSes, admin panels
Naturally, they're already under attack – so you know what to do next. Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products.…
Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware...
Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug
Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS,...
Optus data breach prompts pincer movement of twin regulatory probes
Data retention requirements to be considered alongside infosec failings. Australian carrier Optus's recent data breach will be investigated by two regulators, the double trouble likely an indicator of the nation's displeasure at the incident – which saw almost ten...
600k+ Celsius customer crypto-coin records revealed
And why it's not actually a leak. Documents filed in crypto lender Celsius Networks' bankruptcy case have revealed financial info on more than 600,000 users.…
Toyota dev left key to customer info on public GitHub page for five years
'Oh what a feeling' when your contractor leaks site source code. Toyota has admitted it put 296,019 email addresses and customer management numbers of folks who signed up for its T-Connect assistance website at risk of online theft by bungling its security.…
Endor Labs Joins Race to Secure Software Supply Chain
It’s officially a venture capital funding frenzy in the software supply chain security space.
Intel Alder Lake BIOS code leak may contain vital secrets
Gurus say source includes secret hardware info, private signing key for Boot Guard protection. Source code for the BIOS used with Intel's 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and...
State Bar of Georgia Confirms Data Breach Following Ransomware Attack
The State Bar of Georgia was hit by a ransomware attack earlier this year and the organization has now confirmed that member and employee information was compromised.
Critical Zimbra RCE Vulnerability Exploited in Attacks
The Zimbra Collaboration Suite is impacted by a critical remote code execution vulnerability that remains unpatched, despite being exploited in attacks.
New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka...
Several Horner PLC Software Vulnerabilities Allow Code Execution via Malicious Font Files
A cybersecurity researcher has discovered a total of seven high-severity remote code execution vulnerabilities in Horner Automation’s Cscape product and they can all be exploited using malicious font files.
Cyber Security Today, Oct. 5, 2022 – An American sentenced to 25 years for laundering money, TD Bank alerts customers in the U.S. of a data theft, and more
An American sentenced to 25 years for laundering money, TD Bank alerts customers in the U.S. of a data theft, and more. Welcome to Cyber Security Today. It’s Wednesday, October 5th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com....
Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library
A critical vulnerability in vm2 may allow a remote attacker to escape the sandbox and execute arbitrary code on the host. A highly popular JavaScript sandbox library with more than 16 million monthly downloads, vm2 supports the execution of untrusted code...
Singtel confirms digital burglary at Dialog subsidiary
Second of Singapore telco's Australian businesses to be prised open by criminals in weeks. Singtel has confirmed that another Australian business it owns, consulting unit Dialog, has fallen victim to a cyber burglary just weeks after the mammoth data leak at telco...