Cybersecurity

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows. The flaw makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. A week ago, HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware. After the Magniber disclosure, 0patch released the fix. While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of […]

Read more
Cybersecurity

Fodcha DDoS Botnet Resurfaces with New Capabilities

The threat actor behind the Fodcha distributed denial-of-service botnet has reemerged with new capabilities. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week. Fodcha first came to light earlier this April, with the malware propagating through known vulnerabilities in Android and IoT devices as well as weak Telnet or SSH passwords. The cybersecurity company said that Fodcha has evolved into a large-scale botnet with over 60,000 active nodes and 40 command-and-control (C2) domains that can “easily generate more than 1 Tbps traffic.” Peak […]

Read more
Cybersecurity

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Juniper Junos OS is affected by several security flaws, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE),” Yibelo said in a report. Also identified are five other issues, which are listed as follows – CVE-2022-22242 (CVSS score: 6.1) – A pre-authenticated reflected XSS on the error page (“error.php”), allowing a remote […]

Read more
Uncategorized

Largest EU copper producer Aurubis suffers cyberattack

Aurubis, a German copper producer, suffers cyberattack. German copper producer Aurubis, which is Europe’s largest copper producer and the world’s second largest, has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread. Aurubis has 6,900 employees worldwide and produces one million tonnes of copper cathodes yearly. In an announcement published on its website, Aurubis says it shut down various systems at its locations but that this has not impacted production. “The production and environmental protection facilities at the smelter sites are running, and incoming and outgoing goods are also being maintained manually,” comments Aurubis’ announcement. At this time, the […]

Read more
Cybersecurity

A possible data breach being reviewed by Bed Bath & Beyond

Bed Bath & Beyond said that there was a possible data breach in the company. Bed Bath & Beyond Inc. was of the view that there was a possible data breach in the company. The company on Friday said that a third party had improperly accessed its data through a phishing scam this month. The data was breached by accessing the hard drive and certain shared drives of one of its employees. The big-box retailer said it was reviewing the data that was accessed so it can determine whether the drives contained any sensitive or personally identifiable information. The home goods retailer added it has no reason to believe that […]

Read more
Cybersecurity Technology

LASTPASS – FACING SECURITY ISSUES AGAIN?

LastPass, the password management solution trusted by thousands of users, suddenly faced criticism on account of its security incident last month. LastPass has a record of security incidents in 2011, 2015, 2016, 2019, 2021, and 2022.

Read more
Cybersecurity Technology

HP Enterprise Computers were left vulnerable to cyberattacks because of unpatched high-severity security vulnerabilities.

Security researchers have found hidden vulnerabilities in several models of HP’s business-oriented notebooks that continue to be unpatched, Binarly told listeners at the Black Code conference. It said that these flaws are “difficult to detect with TPM measurements.” Firmware flaws can have serious implications as they allow an adversary to achieve long-term persistence on a device running in the background, evading traditional operating system security protections. The high-severity vulnerabilities identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling an attacker to execute arbitrary code with the highest privileges – CVE-2022-23930 (CVSS score: 8.2) – Stack-based buffer […]

Read more