Cyber Security News

December 3, 2022

Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident”. The company’s most recent incident report at the time of writing, time-stamped 01:57 Eastern Time on December 3rd, offers the following information. “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted ...

December 2, 2022

The cyber security of major events, whether they are related to sports, professional conferences, expos or other events can be a time-consuming, complex undertaking. It necessitates a multifaceted approach and the involvement of multiple entities, including but not limited to the vendors, hospitality teams and service providers to facilitate a uniform approach to cybersecurity across ...

December 2, 2022

On November 1, 2022, OpenSSL released a security advisory describing two high severity vulnerabilities within the OpenSSL library (CVE-2022-3786 and CVE-2022-3602). OpenSSL versions from 3.0.0 – 3.0.6 are vulnerable, with 3.0.7 containing the patch for both vulnerabilities. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. In the days leading up to the security advisory, ...

December 2, 2022

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and ...

December 2, 2022

My day started rough. It was 7 a.m., and I was just partially through my first cup of coffee, when I noticed a new message in my email inbox. It was from PayPal and the subject line said, “You’ve got a money request.” And so began my first look at this three-pronged PayPal phishing scam. Read more… Source: ZDNet  

December 2, 2022

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. Unit 42 researchers will also discuss the evasion tactics used by these threats, and other issues that make ...

December 2, 2022

It would hardly be an exaggeration to say that the phrase “indicators of compromise” (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes, IP addresses and other technical data that should help information security specialists to counter a specific threat. But how exactly can indicators ...

December 2, 2022

In part one, Trend Micro researchers discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. The researchers also laid out how we evaluated the chosen vendors for Trend Micro research. For this blog, Trend Micro will continue discussing their ...

December 2, 2022

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year. “Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published ...

December 1, 2022

Eufy’s claims to keep “privacy in your own hands” have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. To top it all off, users have also been made aware that you can watch camera streams using VLC without authentication. Paul Moore, a ...

December 1, 2022

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Note: ...