Kategorie

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach.  To deliver additional security, therefore,

Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that emerged in

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to

Nedávná nehoda automobilu Tesla Model S, při níž zahynuli tři lidé, vyústila v další federální vyšetřování systému Autopilot společnosti Tesla, uvádí deník The Wall Street Journal. Vyšetřování vede Národní úřad pro bezpečnost silničního provozu (NHTSA), který uvedl, že v současné době prověřuje ...

A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

In this first part of our Complete Guide to Keylogging in Linux, we will explore the basics of keylogging and its importance in the realm of Linux security, and dive deeper into keylogging in userspace, demonstrating how a keylogger can be written for Linux, by reading events directly from a keyboard device.

The fine has finally gone through... but it's less than 45% of what was originally proposed.

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack.  In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what

Kybernetický útok na Ředitelství silnic a dálnic (ŘSD) napáchal podle šéfa organizace Radka Mátla „obrovské škody“, z nichž se společnost bude vzpamatovávat měsíce. Útok minulý týden narušil weby či účetnictví, stavby však neohrozil.

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report published last week. "This system includes a web-based dashboard known as SANA that enables a user

Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.

Protect your Linux servers from XorDdos, a botnet scanning the internet for SSH servers with weak passwords, Microsoft warns.

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team (RA PSIRT) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment.

According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple products in various industries across the globe and its use is not limited to ICS. ISaGRAF Runtime are also used in transportation, power & energy, and other sectors.

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols that are used to program and control ISaGRAF-based devices and to communicate with them.

Our research has uncovered multiple vulnerabilities in ISaGRAF Runtime. The following potential vectors of attacks on ISaGRAF-based devices have been identified:

• A remote unauthenticated attacker could execute privileged commands of the IXL service on devices with ISaGRAF Runtime versions released before 2010.
• A remote attacker could easily implement a password brute force attack in ISaGRAF Runtime.
• An attacker that can carry out a MitM attack will be able to overwrite tag statuses, the program being downloaded to the device, or authentication data. Since authentication data is encrypted with a preset symmetric key, the attacker could decrypt an intercepted target (device) password.
• An attacker could exploit the vulnerabilities identified to gain remote access to a device with ISaGRAF Runtime and execute arbitrary malicious code inside the ISaGRAF Runtime virtual machine.
• An attacker could exploit the vulnerabilities to escape the ISaGRAF Runtime sandbox, ensure the malicious code’s persistence on the device, and hide it from future detection.

Detailed descriptions of the vulnerabilities identified are provided, along with an analysis of the impact that their potential abuse could have and recommendations on additional risk mitigation measures.

By the end of 2021, all of the vulnerabilities identified had been fixed by the technology vendor, or mitigations were suggested by the vendor, CISA, or Kaspersky ICS CERT.

As of March 2022, the following vendors had reported ISaGRAF Runtime vulnerabilities in their products: Rockwell Automation, Schneider Electric, Xylem, GE, and Moxa.

More information is available on the Kaspersky ICS CERT website.

Při phishingových útocích zneužívají hackeři zpravidla známé značky. V prvním čtvrtletí letošního roku se přitom vůbec nejčastěji vydávali za pracovníky profesní sítě LinkedIn. Vyplývá to z analýzy kyberbezpečnostní společnosti Check Point. Jaké další značky jsou nejvíce zneužívané?