A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer security researcher Ryan Robinson said. This malware...
Cybersecurity News
Cyber Security News, Information Security News, CyberSecurity Analysis, Breaking Cyber Security News. Exploit & Vulnerability News. Data Breach News Today.
Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. The hardcoded password is added after installing the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) for a user account with the username disabledsystemuser — designed to help admins with the migration of data from the app to the Confluence Cloud. According to Atlassian, the app helps improve communication with the organization’s internal Q&A team and is currently installed on over 8,000 Confluence servers. “The disabledsystemuser...
What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. “We’ve received reports of users being unable to access Microsoft Teams or leverage any features,” the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago. Two hours later, Redmond said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service. However, Teams was not the only product impacted by the outage since...
The popular open-source Linux distribution, Kali Linux, specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode The infrastructure-as-a-service (IaaS) platform provider, recently acquired by Akamai, offers two ways to get Kali: A bare-install version in the form of an official Kali distribution (without a GUI and tools) that can be deployed on any Linode compute instance and used via a command line interface A Kali Linux Marketplace app (with an XFCE user interface, a full suite of tools, and...
Remember Log4j? Well, Log4J is one of the Apache Software Foundation’s many software projects (more than 350 at current count), and it’s a programming library that Java coders can use to manage logfiles in their own products. Logfiles are a vital part of development, debugging, record keeping, program monitoring, and, in many industry sectors, of regulatory compliance. Unfortunately, not all text you logged – even if it was sent in by an external user, for example as a username in a login form – was treated literally. If you gave your...
Motherboard is publishing parts of the code for the Anom encrypted messaging app, which was secretly managed by the FBI in order to monitor organized crime on a global scale. The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled together code. Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a...
Ransomware attacks against education are on the rise and many institutions are ill-equipped to deal with the threat – so pay ransoms. The number of ransomware attacks against schools and universities is on the rise – and victims are struggling to recover after their networks have been hit. According to analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cyber criminals go after what they perceive to be an easy, but potentially lucrative target. “Schools are among those being hit the hardest by...
China uses personal, business and political relationships to gather information and influence actions. U.S. and UK government agencies urge caution. In an apparent, concerted effort to spread the word on the threat posed by China to governments at the state and local level as well as businesses of all sizes, the U.S. National Counterintelligence and Security Centre (NSCS), issued a “Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People’s Republic of China (PRC) Influence Operations” differs from previous warnings on...
A leaked trove of confidential files has revealed the inside story of how the tech giant Uber flouted laws, duped police, exploited violence against drivers and secretly lobbied governments during its aggressive global expansion. Emmanuel Macron secretly aided Uber lobbying in France, texts reveal Files expose attempts to lobby Joe Biden, Olaf Scholz and George Osborne Company used ‘kill switch’ during raids to stop police seeing data Former Uber CEO told executives ‘violence guarantees success’ The unprecedented leak to The Guardian of more than 124,000 documents – known as the Uber files – lays bare...
A college has vowed to investigate after the personal details of hundreds of its applicants were emailed to a single parent by mistake. In August last year, the parent of a City College Norwich student was in an email exchange with one of the college’s customer service team when she received an unanticipated attachment. An email was sent to her containing a spreadsheet titled “P2E links for scheduled applicants”. Presuming it was related to the matter she was pursuing with the college, she opened the attachment expecting to see...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu