Organized crime is not limited to cybercrime, but cybercrime has become a major part of organized criminal activity. Europol sees this increasing – business transformation, the increasingly digital society, and the growth of remote working all provide new vulnerabilities and more opportunities for exploitation. “Critical infrastructures will continue to be targeted by cybercriminals in the…

Last Thursday (April 15th), Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a focus on 5G networks and software and cloud services vulnerabilities. “I am committed to working with our federal partners and the private sector to increase the security and resiliency of our nation’s…

IoT security company Forescout on Tuesday revealed that four popular TCP/IP stacks — specifically FreeBSD, Siemens’ Nucleus, IPnet and NetX — are affected by a total of nine DNS-related flaws that can be exploited for remote code execution (including to take control of targeted devices), DoS attacks, and DNS cache poisoning. The vulnerabilities, collectively tracked…

On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that are based on Google’s open source Chromium project. The researchers demonstrated the exploit against both Chrome and Microsoft Edge. Visiting a specially crafted website…

The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in February this year. Tracked as CVE-2020-2501, this security hole is a stack-based buffer overflow that could be abused by remote attackers to execute code on an affected system, without authentication….

Over the course of three days, participants made 23 attempts, targeting Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft Teams, Zoom, Parallels, Oracle VirtualBox, and Microsoft Exchange. Oracle VirtualBox was only targeted by one team and their attempt failed. The other products were all hacked by at least one team. The highest rewards…

Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools provides testing, administration, and auditing capabilities. Domain Time II consists of client and server programs, and both use the same executable to check for updates, namely dttray.exe….

At the beginning of 2021, the threat actors behind the Cring ransomware were observed launching numerous attacks on European industrial enterprises, forcing at least one organization to shut down a production site. The initial vector of attack was later identified as CVE-2018-13379, a vulnerability in the FortiOS SSL VPN web portal that could allow unauthenticated…