I pirati del gruppo RansomHub pubblicano su Dark Web alcuni dei documenti sottratti e chiedono al club di Serie A di pagare un riscatto
ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.
I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October. About the bug There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes:
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News.
The exact nature of these incidents is unclear, and they may include operational failures as well as attacks. Under British cybersecurity laws — known as the NIS Regulations — critical infrastructure companies are required to report “significant incidents” to the government within three days or face a fine of up to £17 million ($21 million).
How plug-and-play hacking tools and lax configs helped a Russian script kiddie start a scheme.
Aqua Nautilus researchers uncovered a new and widespread DDoS campaign orchestrated by a threat actor named Matrix.
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.
This blog post discusses a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and monitoring.
Leaders of the big telecommunications companies were summoned to the White House to discuss strategies for overhauling the security of the nation’s telecommunications networks amid growing alarm at the scope of a Chinese hack.
A loose collective of mostly low-skilled actors, CyberVolk absorbs and adapts a wide array of destructive malware for use against political targets.
Attackers can use manipulated archives to try to inject malicious code into 7-Zip users. An update is available.
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.
"Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday.
The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity.
Our TRU team has successfully developed functional exploits for these vulnerabilities. While we will not disclose our exploits, please be aware that these vulnerabilities are easily exploitable, and other researchers may release working exploits shortly following this coordinated disclosure.
These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.
