Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Stealthy Symbiote Linux malware is after financial institutions

Symbiote, the latest malware to hit Linux users, is a parasite more than anything. Protect against this banking credential stealer now! The post Stealthy Symbiote Linux malware is after financial institutions appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#ios#mac#linux#intel#backdoor#bios
Dark web awash with breached credentials, study finds

Many consumers still relying on easy-to-crack passwords, warns Digital Shadows

Why We Need Security Knowledge and Not Just Threat Intel

Organizations that can break out of siloed data and apply context can transform intelligence into actionable, relevant security knowledge.

24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far

Username and password combinations offered for sale on the Dark Web by criminals has increased 65% since 2020.

Travel-related Cybercrime Takes Off as Industry Rebounds

Upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cybercriminals to scam the tourists.

New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal

Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. <!-

CVE-2022-31066: fix: Remove MessageBus Options data from configuration after client created by lenny-intel · Pull Request #4016 · edgexfoundry/edgex-go

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue.

In Case You Missed RSA Conference 2022: A News Digest

Here's a rundown of Dark Reading's reporting and commentary from and surrounding the first in-person RSA Conference since the pandemic began in 2020.

Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber Espionage Campaign

"Aoqin Dragon" has been operating since at least 2013, with targets including government and telecommunications companies in multiple countries.