Atlassian has released multiple patches to fix a critical security vulnerability in Jira Service Management Server and Data Center. The flaw (tracked CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to impersonate other users and obtain unauthorized access to affected instances. “With write access to a User Directory and
Cyber Security
This is where news and updates on Cyber Security are published on a daily basis.
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. “PixPirate belongs to the newest generation of Android
Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app economy in 2023 hit a few snags, as consumer spending last year dropped for the first time by 2% to $167 billion, according to the latest “State
Toward the end of 2022, a number of entrepreneurs — some citing Elon Musk — told me they planned to bring back in-person work culture in the following year to help promote productivity and, in some cases, loyalty. One founder even told me over drinks that they weren’t worried about losing talent — claiming that
As our latest APT Activity Report makes abundantly clear, the threat of cyberespionage and stealthy attacks remains very real. The threat of cyberespionage and stealthy cyberattacks remains very real, and the data from ESET’s T3 2022 APT Activity Report released this week backs this up. In this video, Tony shares some of the key takeaways
Ok, I’m late to the party. Very late. Most analysts and just about all my Enterprise Strategy Group colleagues have already published their predictions for 2023. In my defense, the identity space is hot, hot, hot — which is keeping me busy, busy, busy. And that brings me to my first identity prediction. 1. Economic
Threat actors have been observed using malvertising attacks to distribute virtualized .NET malware loaders dubbed “MalVirt.” According to a Thursday advisory by SentinelOne, the new loaders leverage obfuscated virtualization techniques to avoid detection. “The loaders are implemented in .NET and use virtualization, based on the KoiVM virtualizing protector of .NET applications, in order to obfuscate
by Paul Ducklin. The open source operating system distribution OpenBSD is well-known amongst sysadmins, especially those who manage servers, for its focus on security over speed, features and fancy front-ends. Fittingly, perhaps, its logo is a puffer fish – inflated, with its spikes ready to repel any wily hackers who might come along. But the
Feb 04, 2023 | Ravie Lakshmanan | Enterprise Security / Ransomware. VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021,” the Computer Emergency Response Team (CERT) of France said in an
Four months after closing its largest fund to date, Kapor Capital wants more. The firm is under new leadership after co-founders Freada and Mitch Kapor stepped back from the outfit, which focuses on funding social impact ventures and founders of color. Now, led by Uriridiakoghene “Ulili” Onovakpuri and Brian Dixon, Kapor Capital is hoping to
“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online. Online surveys and quizzes are all over the internet. They’re quick and cheap to set up, easy for recipients to fill out, and simple for researchers to
The Indian government has ordered Vodafone Idea to convert all the interest it owes to the government into equity in the firm, making it by far the largest shareholder in the troubled telecom giant. Vodafone said it has been ordered to convert capital worth about $2 billion into equity. The company “will take all necessary
What is Dridex malware? Dridex is a form of malware that targets its victims’ banking information, with the main goal of stealing online account credentials to gain access to their financial assets. Malware, or malicious software, is a type of software intended to cause harm to a user. Specifically, Dridex malware is classified as a
A US man could face a maximum jail term of 40 years after being charged with fraudulently obtaining $110m of cryptocurrency from crypto exchange Mango Markets and its customers. Avraham Eisenberg, 27, was living in Puerto Rico when he carried out the alleged scheme, according to the Department of Justice (DoJ). He’s now been charged
by Paul Ducklin. WHY DID THAT TAKE SO LONG? Latest episode – listen now. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts,
Feb 03, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability. Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and
Damus, one of the fastest-growing Twitter alternatives, has been pulled from China’s App Store just two days after the app was approved by Apple. The app, which runs atop the Jack Dorsey-backed decentralized social networking protocol Nostr, was removed from the China App Store per request by the country’s top internet watchdog because it “includes
Lose what you don’t use and other easy ways to limit your digital footprint and strengthen your online privacy and security. In case you missed it, last week was Data Privacy Week, an awareness campaign to remind everybody that any of our online activities creates a trail of data and that, therefore, we need to
When Salesforce announced it was laying off 10% of its workforce last month, you might have assumed that meant that everyone who was affected was informed at that time. With social media flush with people talking about Salesforce layoffs today, the company says these are part of that original announcement, but some folks are learning
Security experts claim to have discovered the first “cryptorom” scam applications to have successfully bypassed Apple’s strict App Store vetting processes. The two apps in question, Ace Pro and MBM_BitScan, were also discovered on Google Play. However, it is their presence on the App Store, usually governed by stricter security protocols, which will alarm users.
by Paul Ducklin. It’s been a newsworthy few weeks for password managers – those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all. At the end of 2022, it was the turn of LastPass to be all over the news,
Feb 02, 2023 | Ravie Lakshmanan | Database Security / Cryptocurrency. At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number
Xpeng, a Chinese electric vehicle upstart, is gearing up to launch its eVTOL into the air as it secures a key regulatory greenlight. Aeroht, owned by Xpeng and Xpeng founder He Xiaopeng, just obtained a special flight permit from the Civil Aviation Administration of China, the country’s counterpart to the U.S. Federal Aviation Administration. The
Waverly Labs, the company behind wearables focused on translation, has launched an app called Forum that helps users translate and transcribe audio in real-time. The company says the solution is useful for lecturers, auditoriums and theaters. What’s more, it is also compatible with video calling apps like Zoom, Microsoft Teams and Google Meet. Forum is
This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. The U.S. Department of Justice last week announced a major victory in the fight against ransomware with the takedown and seizure of Hive’s
A critical new vulnerability disclosed by network-attached storage (NAS) vendor QNAP this week could be exploited on almost 30,000 devices globally, according to Censys. The security firm scanned the internet to find 67,415 hosts running QNAP-based systems around the world. Although it could only find the version number on 30,250 of them, a worrying 98%
by Paul Ducklin. Another day, another access-token-based database breach. This time, the victim (and in some ways, of course, also the culprit) is Microsoft’s GitHub business. GitHub claims that it spotted the breach quickly, the day after it happened, but by then the damage had been done: On December 6, 2022, repositories from our atom,
Feb 01, 2023 | The Hacker News | SIEM / Kubernetes. Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022. ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan,
Superstrata’s e-bike is a strange specimen — there’s no two ways about it. In some ways that makes sense; the bike’s concept, borne out in seamless 3D-printed carbon fiber, springs from an equally strange premise. We’ll get into that. Talking to Sonny Vu, founder of Superstrata’s parent company Arevo, the bikes were crafted not out