- BlueHat 2023: Applications to Attend NOW OPEN! by Nic Fillingham on December 2, 2022 at 9:58 pm
We are excited to announce that applications to attend BlueHat 2023 are now open! BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, from February 8 – 9, 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where …
- Hackers Sign Android Malware Apps with Compromised Platform Certificates by The Hacker News on December 2, 2022 at 1:56 pm
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. “A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image,” a report filed through the
- CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs by The Hacker News on December 2, 2022 at 1:32 pm
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. “Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
- The Value of Old Systems by The Hacker News on December 2, 2022 at 1:00 pm
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went
- Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL by The Hacker News on December 2, 2022 at 11:29 am
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed “Hell’s Keychain” by cloud security firm Wiz, has been described as a “first-of-its-kind supply-chain attack vector impacting a
- Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers by The Hacker News on December 2, 2022 at 11:09 am
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.
- What the CISA Reporting Rule Means for Your IT Security Protocol by The Hacker News on December 2, 2022 at 10:35 am
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and
- Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely by The Hacker News on December 2, 2022 at 7:48 am
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website.
- Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities by The Hacker News on December 2, 2022 at 6:04 am
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a “sharp increase in both the number of compromised
- Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days by The Hacker News on December 1, 2022 at 2:32 pm
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. “Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to
- Hackers Leak Another Set of Medibank Customer Data on the Dark Web by The Hacker News on December 1, 2022 at 1:17 pm
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. “We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole,” the Australian health insurer said. “While our investigation continues there
- Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework by The Hacker News on December 1, 2022 at 11:44 am
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. “The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by
- What Developers Need to Fight the Battle Against Common Vulnerabilities by The Hacker News on December 1, 2022 at 11:13 am
Today’s threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals – like the finance industry, for example – have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best
- Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users by The Hacker News on December 1, 2022 at 10:07 am
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them. The apps, which were available for download from the official Google Play Store, have now been
- Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network by The Hacker News on December 1, 2022 at 9:48 am
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning a wide range of
- LastPass Suffers Another Security Breach; Exposed Some Customers Information by The Hacker News on December 1, 2022 at 9:35 am
Popular password management service LastPass said it’s investigating a second security incident that involved attackers accessing some of its customer information. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass
- North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets by The Hacker News on November 30, 2022 at 6:30 pm
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. “The backdoor […] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing
- Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra by Christine Barrett on November 30, 2022 at 5:00 pm
Protect business data—and employee privacy—with conditional access on employees’ personal devices with Trustd MTD and Microsoft Entra. The post Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra appeared first on Microsoft Security Blog.
- Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection by The Hacker News on November 30, 2022 at 1:44 pm
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool. npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for
- This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms by The Hacker News on November 30, 2022 at 12:15 pm
A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation
- French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm by The Hacker News on November 30, 2022 at 11:57 am
The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF) €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the
- Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches by The Hacker News on November 30, 2022 at 9:33 am
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,
- A Ride on the Wild Side with Hacking Heavyweight Sick Codes by Alex DeDonker on November 29, 2022 at 6:16 pm
Beverage of Choice: Krating Daeng (Thai Red Bull). Industry Influencer he Admires: Casey John Ellis. What did you want to be when you grew up? A physician and nearly did. Hobbies (Present & Past): Motorcycling & Australian Football. Bucket List: Continuing to discover new software. Fun Fact: He currently has 2,000 tabs open. “People keep …
- Microsoft supports the DoD’s Zero Trust strategy by Emma Jones on November 22, 2022 at 8:40 pm
The Department of Defense released its formal Zero Trust strategy, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The post Microsoft supports the DoD’s Zero Trust strategy appeared first on Microsoft Security Blog.
- Join us at InfoSec Jupyterthon 2022 by Microsoft 365 Defender Threat Intelligence Team on November 22, 2022 at 6:00 pm
Join our community of analysts and engineers at the third annual InfoSec Jupyterthon 2022, an online event taking place on December 2 and 3, 2022. The post Join us at InfoSec Jupyterthon 2022 appeared first on Microsoft Security Blog.
- Vulnerable SDK components lead to supply chain risks in IoT and OT environments by Katie McCafferty on November 22, 2022 at 5:00 pm
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices. The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.
- DEV-0569 finds new ways to deliver Royal ransomware, various payloads by Microsoft 365 Defender Threat Intelligence Team on November 17, 2022 at 5:00 pm
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware. The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog.
- Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) by Andrew Paverd on November 16, 2022 at 6:58 pm
We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art …
- Microsoft contributes S2C2F to OpenSSF to improve supply chain security by Emma Jones on November 16, 2022 at 6:00 pm
We are pleased to announce that the S2C2F has been adopted by the OpenSSF under the Supply Chain Integrity Working Group and formed into its own Special Initiative Group. Our peers at the OpenSSF and across the globe agree with Microsoft when it comes to how fundamental this work is to improving supply chain security for everyone. The post Microsoft contributes S2C2F to OpenSSF to improve supply chain security appeared first on Microsoft Security Blog.
- Token tactics: How to prevent, detect, and respond to cloud token theft by Paul Oliveria on November 16, 2022 at 4:00 pm
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.
- 2022 holiday DDoS protection guide by Paul Oliveria on November 15, 2022 at 6:00 pm
The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays (for example, more sales for retailers and more players for gaming companies). Unfortunately, cyber attackers also look forward to this time of year to celebrate an emerging holiday tradition—distributed denial-of-service (DDoS) attacks. The post 2022 holiday DDoS protection guide appeared first on Microsoft Security Blog.
- Simplify privacy protection with Microsoft Priva Subject Rights Requests by Christine Barrett on November 10, 2022 at 5:00 pm
With an ever-changing privacy landscape, taking a proactive privacy approach is key to building privacy resilience. In this blog, learn how Microsoft Priva Subject Rights Requests and its newest update right to be forgotten can help organizations meet their regulatory requirements. The post Simplify privacy protection with Microsoft Priva Subject Rights Requests appeared first on Microsoft Security Blog.
- Microsoft threat intelligence presented at CyberWarCon 2022 by Microsoft 365 Defender Threat Intelligence Team on November 10, 2022 at 5:00 pm
At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity. The post Microsoft threat intelligence presented at CyberWarCon 2022 appeared first on Microsoft Security Blog.
- Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) by msrc on November 3, 2022 at 12:46 am
Summary: Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update …
- Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB by msrc on November 1, 2022 at 1:00 pm
Summary: Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide …
- Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People by Aanchal Gupta on October 31, 2022 at 4:50 pm
As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, …
- Congratulations to the Top MSRC 2022 Q3 Security Researchers! by msrc on October 24, 2022 at 5:10 pm
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang, Yuki Chen, and Dang The Tuyen! Check out the full list of researchers …
- Investigation Regarding Misconfigured Microsoft Storage Location by msrc on October 19, 2022 at 2:04 pm
October 28, 2022 update: Added a Customer FAQ section. Summary: Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning …
- Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk by msrc on October 19, 2022 at 1:01 pm
Summary: Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web …
- Let’s Honor Hispanic Heritage All Year Long by Tony Colon on October 17, 2022 at 7:00 pm
Uniting our world – becoming truly “unidos” – starts with inclusivity. To honor Hispanic Heritage Month (and all year long), here are three ways to celebrate, uplift and foster a stronger future for the Latinx community.
- Hunting for Cobalt Strike: Mining and plotting for fun and profit by msrc on October 13, 2022 at 4:00 pm
Introduction: Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike …
- Webex Offers Full Data Residency in the EU by Wendy Mars on October 12, 2022 at 2:00 pm
New Webex customers across both public and private sectors can now store their Webex Calling, Meetings, and Messaging data in the EU.
- Net zero one year later by Mary de Wysocki on September 22, 2022 at 6:00 pm
One year ago, Cisco committed to reaching net zero greenhouse gas emissions across its value chain by 2040. Cisco’s first Chief Sustainability Officer, Mary de Wysocki, reflects on our journey so far.
- Simplify your network experiences: Insights from the 2022 Gartner® Magic Quadrant™ for SD-WAN by Rebecca Stone on September 22, 2022 at 12:00 pm
Dynamic IT landscapes are becoming increasingly complex and unsustainable. As a leader in the 2022 Gartner Magic Quadrant for SD-WAN, Cisco is simplifying networking experiences to help customers achieve long-term success.
- Student Loan Breach Exposes 2.5M Records by Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger by Nate Nelson on August 30, 2022 at 4:00 pm
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms by Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise by Nate Nelson on August 26, 2022 at 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras by Nate Nelson on August 25, 2022 at 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version by Threatpost on August 24, 2022 at 2:17 pm
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
- Announcing the Cisco Global Problem Solver Challenge 2022 Winners by Francine Katsoudas on August 23, 2022 at 2:40 pm
Announcing the winners of the sixth annual Cisco Global Problem Solver Challenge, an online competition for early-stage tech entrepreneurs solving the world’s most challenging problems. This year’s competition generated nearly 1,200 submissions from teams in 99 countries.
- Firewall Bug Under Active Attack Triggers CISA Warning by Threatpost on August 23, 2022 at 1:19 pm
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
- Fake Reservation Links Prey on Weary Travelers by Nate Nelson on August 22, 2022 at 1:59 pm
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
- iPhone Users Urged to Update to Patch 2 Zero-Days by Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Google Patches Chrome’s Fifth Zero-Day of the Year by Elizabeth Montalbano on August 18, 2022 at 2:31 pm
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
- Pharrell Williams and Cisco Partner to Drive an Inclusive Future in Education by Francine Katsoudas on July 21, 2022 at 4:00 pm
Cisco expands its partnership with Pharrell Williams’ nonprofit YELLOW to create a highly personalized and immersive education experience through YELLOWHAB. This is one more step in our mission to drive an inclusive future, demonstrating our commitment to both education and social justice.
- Taking Action to Create Equal Opportunities for Diverse Startup Founders and Venture Leaders by Derek Idemoto on July 20, 2022 at 1:00 pm
Join Cisco at the Magnetic Aspire Summit, where industry visionaries discuss their personal journeys and the challenges they faced in their technology startups and in the venture capital ecosystem. They will uncover actions we can take to help level the playing field in venture capital and across the technology industry.
- Cisco’s API-First Motion is Driving Innovation at Scale by Liz Centoni on June 15, 2022 at 3:50 pm
Free-tier developer solutions Panoptica and Calisti continue Cisco’s strategy to connect, secure, and observe modern applications.
- Cloud-Native Observability in the Experience Economy by Liz Centoni on June 14, 2022 at 5:20 pm
Cisco Launches AppDynamics Cloud to enable the delivery of exceptional digital experiences. Application performance, security, and trust are at the center of it all.