Technology

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over “doubts about the reliability of the manufacturer.” Calling that the decision was made on “political grounds,” the company said it will “continue to assure our partners and customers […]

Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. “By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache,

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper “CaddyWiper,” which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively.

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. “In the past few hours, a DDoS attack against a communications provider was identified,” the Israel National Cyber Directorate (INCD) said in a tweet. “As a result, access

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran’s MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it’s not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited resources. For systems administrators finding the

French video game company Ubisoft on Friday confirmed it was a victim of a “cyber security incident,” causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. “Also, we can confirm

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. “A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write