"Barracuda Gateways Hit by Another Vulnerability"

"Barracuda Gateways Hit by Another Vulnerability"

A zero-day vulnerability impacting Barracuda Networks' Email Security Gateway (ESG) enables hackers to install backdoors. The vulnerability exists in Spreadsheet::ParseExcel, an open-source library for processing Excel files. The library is used by the Amavis virus scanner on the ESG to scan Excel attachments sent via email. The vulnerability, tracked as CVE-2023-7102, allows malicious Excel attachments to run arbitrary code on a Barracuda ESG. According to Barracuda, there have already been several exploits of this vulnerability.

Submitted by Gregory Rigby on

"New Version of Meduza Stealer Released in Dark Web"

"New Version of Meduza Stealer Released in Dark Web"

The Resecurity's HUNTER unit discovered a new version of the Meduza stealer that supports more software clients, including browser-based cryptocurrency wallets. Meduza 2.2 also has an improved credit card grabber. According to researchers, Meduza is a strong competitor to Azorult, Redline, Racoon, and Vidar Stealer for Account Takeover (ATO), online banking theft, and financial fraud. This article continues to discuss key findings regarding the new version of the Meduza stealer.

Submitted by Gregory Rigby on

"API Security in 2024: Predictions and Trends"

"API Security in 2024: Predictions and Trends"

The complexity of Application Programming Interface (API) security continues to grow as technology advances. The rise of APIs in modern applications and services calls for organizations to better understand their API environments and the operational risks that APIs pose. Graylog CEO Andy Grolnick highlights several key trends and predictions that will shape the API security landscape in 2024. According to Grolnick, the number of targeted application-level attacks will increase.

Submitted by Gregory Rigby on

"CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK"

"CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK"

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new phishing campaign launched by the Russia-linked APT28 group to steal sensitive information. The campaign involves previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK. The agency discovered the activity between December 15 and December 25, 2023, targeting government entities with email messages urging recipients to click on a link to view a document. This article continues to discuss the APT28 group's new phishing campaign that distributes OCEANMAP, MASEPIE, and STEELHOOK.

Submitted by Gregory Rigby on

"Content Credentials Will Fight Deepfakes in the 2024 Elections"

"Content Credentials Will Fight Deepfakes in the 2024 Elections"

The shift toward content credentials comes as interest in automated deepfake-detection systems wanes. The Coalition for Content Provenance and Authenticity (C2PA) group combines the Adobe-led Content Authenticity Initiative and Project Origin, a media provenance effort. In 2021, initial standards were released for attaching cryptographically secure metadata to image and video files. Any change to the file in its system is automatically reflected in the metadata, breaking the cryptographic seal and revealing any tampering.

Submitted by Gregory Rigby on

2024 27th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS)

"The International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS) provides a forum for exchanging ideas, discussing research results and presenting practical applications in the areas of design, test, and diagnosis ofnanoelectronic digital, analog, and mixed-signal circuits and systems."

Topics of interest include, but are not limited to security.

2024 Panhellenic Conference on Electronics and Telecommunications (PACET)

"PACET 2024 aims to provide a platform, not only for natives but also for international students and researchers, to report progress and recent advances in all aspects of electronics and communications, both at academic and industrial levels. Renowned experts from academia and industry in the field of electronics and telecommunications will deliver inspiring keynote speeches, sharing their insights and experiences with the conference participants.

2024 Design, Automation and Test in Europe Conference and Exhibition (DATE)

"The DATE conference is the main European event bringing together designers and design automation users, researchers and vendors as well as specialists in the hardware and software design, test and manufacturing of electronic circuits and systems."

Topics of interest include, but are not limited to security.

"Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks"

"Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks"

Multiple financially motivated threat groups have abused the MSIX ms-appinstaller protocol handler to infect Windows users with malware, prompting Microsoft to disable it again. Attackers exploited the Windows AppX Installer spoofing vulnerability to bypass security measures implemented to protect Windows users from malware. According to Microsoft, threat actors use malicious advertisements for popular software as well as Microsoft Teams phishing messages to distribute signed malicious MSIX application packages.

Submitted by Gregory Rigby on

"Crooks Push Holiday Misery With 'Leaksmas' Release of 50M PII Records"

"Crooks Push Holiday Misery With 'Leaksmas' Release of 50M PII Records"

Cybercriminals have released 50 million stolen consumer records, including credit card data and Personally Identifiable Information (PII), as a "Free Leaksmas" gift. According to researchers at Resecurity, criminals posting on underground forums used the Free Leaksmas tag to promote the data, which included data stolen from companies and governments in a dozen countries.

Submitted by Gregory Rigby on
Subscribe to