Security by design needs to be ingrained in software development and innovative thinking is required to help secure society against cyber attacks as technology become a bigger part of our everyday lives.
The National Cyber Security Centre, part of spy agency GCHQ, said the new offering would share real-time threat data with internet service providers (ISPs), enabling them to instantly block access to known fraudulent sites.
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. A Discord user with the handle “Portu” was found advertising this new password-stealing malware builder.
The automation specialist polled over 1000 security pros in the US and Europe to compile its latest State of Mental Health in Cybersecurity report, which is being published to coincide with Mental Health Awareness Week.
The threat actor is said to have conducted two different sets of intrusions, one of which relates to opportunistic ransomware attacks involving the use of legitimate tools like BitLocker and DiskCryptor for financial gain.
Based on severity ratings and the currently listed bug bounties, the most important of these flaws is CVE-2022-1633, a high-severity use-after-free in Sharesheet that was reported by Khalil Zhani, who was awarded a $5,000 reward for the find.
Intel also announced the release of patches for a high-severity bug in Boot Guard and Trusted Execution Technology (TXT). Tracked as CVE-2022-0004 (CVSS score of 7.3), the bug could be exploited to elevate privileges on a vulnerable system.
Researchers at Atos-owned cybersecurity consulting firm SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device. The answer: a lot!
FluBot is looking to steal financial account credentials of its victims by overlaying phishing pages on top of the legitimate banking and cryptocurrency applications. It can access SMS data, perform phone calls, and monitor incoming notifications.
The vulnerability, tracked as CVE-2022-26925 and reported by Bertelsmann Printing Group’s Raphael John, has been exploited in the wild and seems to be related to the PetitPotam NTLM relay attack.