A remotely exploitable vulnerability in the Cisco Emergency Responder software could allow an unauthenticated attacker to log in to an affected device using the root account, according to a warning from the U.S. tech vendor. The vulnerability, tracked as CVE-2023-20101, carries a CVSS severity score of 9.8/10 and a “critical” tag from Cisco’s security response […]
Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security […]
Recent headlines have cast a spotlight on the evolving nature of cyber threats and their ripple effects across industries, accentuating the value of sensitive information in the modern threat landscape. The seismic SolarWinds attack, a supply-chain breach with widespread ramifications, underscores the transformation in hackers’ motivations — transitioning from a singular pursuit of financial gain to […]
Sep 23, 2023THNCyber Espionage / Malware Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET […]
Video Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups 22 Sep 2023 The lineup of speakers at this year’s edition of LABScon featured two ESET malware researchers who took to the stage to deconstruct sophisticated attacks conducted by two well-known APT groups. […]
Viavi Solutions unveiled Observer Sentry, Software-as-a-Service-based Threat Exposure Management providing SecOps, DevOps, and cloud architects much-needed threat visibility into ever-changing AWS environments. The 2023 State of the Network study from VIAVI revealed increases in enterprises’ dependence on the cloud, dissatisfaction with cloud visibility, and time spent on security issues. In an effort to continuously improve […]
Chip giant Intel announced on the second day of its Intel Innovation 2023 event the general availability of an attestation service that is part of Trust Authority, a new portfolio of security software and services. The new attestation software-as-a-service, codenamed Project Amber, is the first service in the Intel Trust Authority portfolio. It offers a […]
China’s onslaught of cyberattacks on critical infrastructure is likely a contingency move designed to gain a strategic advantage in the event of kinetic warfare, according to the US Department of Defense (DoD). The agency’s 2023 Cyber Strategy released this week flagged an uptick in state-sponsored cybercrime from the People’s Republic of China (PRC), specifically against […]
Sep 14, 2023THNEndpoint Security / Vulnerability A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run […]
Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed […]