Read Time:6 Second
FEDORA-2022-6748ae617b
Packages in this update:
rsh-0.17-98.fc34
Update description:
Security fix for CVE-2019-7282
AvosLocker Ransomware Striking Critical Infrastructure Targets
NFT Fraud in the UK Soars 400% in 2021
Over 40,000 London Voters Have Data Leaked to Strangers
Hackers demand $15 million ransom from TransUnion after cracking “password” password
Read Time:12 Second
International credit bureau TransUnion says that hackers managed to breach a server operated by its South African division, and gained access to the personal information of individuals.
Read more in my article on the Hot for Security blog.
6 questions CISOs should ask if their cybersecurity vendor is acquired
Read Time:47 Second
The sharp increase in funding and mergers-and-acquisition (M&A) activity in the cybersecurity industry over the last year has brought into focus the challenges that organizations can run into when their vendor is acquired by or merges with another company. Specialized, pure-play security companies are being bought by bigger and more generalized technology vendors or by private firms seeking to cash in on the cybersecurity boom.
Data that S&P Global Market Intelligence compiled last November showed there were 151 M&A cybersecurity deals in the first three quarters of 2021 alone compared to 94 over the same period in 2020, 88 in 2019, and 80 in 2018. Many companies secured massive venture capital (VC) investments from private equity firms. Some were acquired outright by these firms. VC firms poured nearly $22 billion into cybersecurity firms last year, which was a record.
8 IT security disasters: Lessons from cautionary examples
Read Time:1 Minute, 0 Second
Anyone who follows cybersecurity is aware of the steady drumbeat of data breaches and attacks. So, an attack needs to really stand out to earn the name “disaster.”
We’ve assembled eight truly disastrous IT security failures over the past decade, with the goal of finding not just clever hacks, but real mistakes on the part of the victims. Hopefully you’ll come away with some ideas on how not to suffer a disaster of your own.
[ Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. | Sign up for CSO newsletters. ]
2012: Court Ventures gets social-engineered
Hieu Minh Ngo proved that you don’t need a lot of technical know-how to breach the security of an important data broker and get access to a lot of people’s private information. Sometimes all it takes is some brazen misrepresentation and social engineering skills. While still in his early 20s, Ngo convinced Court Ventures, a data broker later purchased by Experian, that he was a private investigator in Singapore. He then purchased personally identifying information (PII) from Court Ventures as part of his “work.”
[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022
Read Time:16 Second
Posted by CFP – ESORICS 2022 on Mar 20
[Apologies for cross-posting]
————————————————————————–
C a l l F o r P a p e r s
27th European Symposium on Research in Computer Security (ESORICS) 2022
26-30 September 2022, Copenhagen, Denmark
URL: https://esorics2022.compute.dtu.dk/#
————————————————————————–
===================
CONFERENCE OUTLINE:
===================
We are looking…
Adversary3 v1.0 – Malware vulnerability intel tool for third-party attackers.
Read Time:7 Second
Posted by malvuln on Mar 20
Adversary3 v1.0 – Malware vulnerability intel tool for third-party
attackers.
BuilderRevengeRAT – (Revenge-RAT v0.3) / XML External Entity Injection
Read Time:21 Second
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/531d8b4ac8f7eb827d62424169321b2b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderRevengeRAT – (Revenge-RAT v0.3)
Vulnerability: XML External Entity Injection
Description: The malware listens on TCP port 333. There is a Config.xml
file used by the RAT builder to specify port, notification, webcam etc. The
XML parser used…