Cybersecurity
Category Added in a WPeMatico Campaign
Researchers have discovered a vulnerability named CacheWarp in AMD’s SEV trusted execution environment, which can lead to arbitrary code execution, exposure of sensitive data, or privilege escalation within a guest VM.
Nov 15, 2023NewsroomRansomware / Vulnerability Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was […]
Cybercrime , Fraud Management & Cybercrime Browser Data, Crypto Wallets and Chat Apps Are Also Top Targets, Researchers Report Mathew J. Schwartz (euroinfosec) • November 13, 2023 Image: Shutterstock In the dubious race for popularity among cybercriminals, Redline Stealer appears to be far and away attackers’ top choice for malware built to steal […]
Millions of browser-based cryptocurrency wallets are affected by an open-source software vulnerability that can be abused by attackers to steal over $1 billion worth of cryptocurrency. The vulnerability, dubbed as Randstorm, affects the 0.13 version of Bitcoin JS, a popular JavaScript library used to generate cryptocurrency wallets. More in detail The vulnerability primarily affects multiple […]
Millions of cryptocurrency wallets created between 2011 and 2015 are potentially affected by an open source software vulnerability and might need to be regenerated, according to new research from Unciphered. While helping a customer regain access to a locked Bitcoin wallet last year, Unciphered discovered issues in the open source JavaScript Bitcoin library BitcoinJS that […]
The UK’s critical infrastructure (CNI) providers face a persistent and critical threat from emboldened state-backed and aligned actors, a leading UK cybersecurity agency has warned. The National Cyber Security Centre (NCSC), part of GCHQ, issued the warning in its Annual Review 2023. Over the past year it has repeatedly sounded the alarm over the activity […]
Breach Notification , Cybercrime , Fraud Management & Cybercrime 6 Data Breach Have Been Filed Against the Company in the Past Week Marianne Kolbasuk McGee (HealthInfoSec) • November 14, 2023 Postmeds, which operates as Truepill, is notifying 2.36 million patients that their information was compromised in a recent hacking incident. (Image: Truepill) A […]
The IPStorm botnet evolved since 2019, targeting Windows, Linux, Mac, and Android devices, using the InterPlanetary File System (IPFS) network to hide its activities and offering access to thousands of compromised systems for a high price.
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few controls. Insider threats […]