The superior-severity security vulnerabilities enable elevation of privileges, primary to facts theft and additional. A set of large-severity privilege-escalation vulnerabilities impacting Business …
Lazarus Targets Job-Seeking Engineers with Malicious Documents
Notorious North Korean APT impersonates Airbus, Standard Motors and Rheinmetall to lure potential victims into downloading malware. The notorious Lazarus superior persistent menace (APT) team has …
Lazarus Targets Job-Seeking Engineers with Malicious DocumentsRead More
Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
A worldwide energy to steal details from electrical power corporations is working with advanced social engineering to supply Agent Tesla and other RATs. A complex marketing campaign concentrating on …
Oil & Gas Targeted in Year-Long Cyber-Espionage CampaignRead More
Coursera Flunks API Security Test in Researchers’ Exam
The trouble APIs involved numero uno on the OWASP API Security Major 10: a Damaged Item Degree Authorization (BOLA) issue that could have uncovered private knowledge. Researchers have learned many …
Coursera Flunks API Security Test in Researchers’ ExamRead More
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP system could enable attackers to tamper with or sabotage victims’ organization-critical processes and to intercept info. 4 vulnerabilities afflict the well-known …
Critical Sage X3 RCE Bug Allows Full System TakeoversRead More
MacOS Targeted in WildPressure APT Malware Campaign
Danger actors enlist compromised WordPress sites in marketing campaign targeting macOS buyers. Threat actors recognised as WildPressure have included a macOS malware variant to their hottest …
MacOS Targeted in WildPressure APT Malware CampaignRead More
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing
The unnamed suspect allegedly aided to acquire carding and phishing kits with the goal of stealing customers’ lender-card details. A Moroccan man suspected of getting “Dr HeX” – the prolific threat …
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of PhishingRead More
Fake Kaseya VSA Security Update Drops Cobalt Strike
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update together with a SecurityUpdates.exe. A malware spam marketing campaign is milking the Kaseya ransomware …
Fake Kaseya VSA Security Update Drops Cobalt StrikeRead More
Why I Love (Breaking Into) Your Security Appliances
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an business by means of them. Amid the Colonial Pipeline and …
Why I Love (Breaking Into) Your Security AppliancesRead More
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The resolve doesn’t include the overall dilemma nor all impacted units having said that, so the enterprise also is offering workarounds and plans to release further solutions at a afterwards …
Microsoft Releases Emergency Patch for PrintNightmare BugsRead More
Android Apps in Google Play Harvest Facebook Credentials
The applications all made use of an abnormal tactic of loading a reputable Facebook webpage as element of the info theft. A established of nine malicious Android apps that steal Facebook credentials …
Android Apps in Google Play Harvest Facebook CredentialsRead More
Western Digital Users Face Another RCE
Say howdy to one far more zero-day and yet much more probable distant facts death for all those who cannot/won’t update their My Cloud storage gadgets. Terrible information will come in threes, …
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
REvil ransomware gang lowers value for common decryptor immediately after enormous around the world ransomware force against Kaseya security vulnerability CVE-2021-30116. The all over the world July …
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 ImpactedRead More
Kaseya Attack Fallout: CISA, FBI Offer Guidance
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer direction to victims. The REvil cybergang is using credit history for Friday’s enormous ransomware attack in …
Ransomware Defense: Top 5 Things to Do Right Now
Matt Bromiley, senior guide with Mandiant Managed Protection, discusses the major tips and recommendations for protecting organization environments from ransomware. If there is any cyber-menace at …
TrickBot Spruces Up Its Banking Trojan Module
Following concentrating practically exclusively on offering ransomware for the earlier yr, the code changes could show that TrickBot is having again into the bank-fraud game. The TrickBot trojan is …
Widespread Brute-Force Attacks Tied to Russia’s APT28
The ongoing attacks are focusing on cloud providers this sort of as Business office 365 to steal passwords and password-spray a vast variety of targets, together with in U.S. and European governments …
Widespread Brute-Force Attacks Tied to Russia’s APT28Read More
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the lots of security worries and failings plaguing this marketplace. The health care marketplace is underneath …
Why Healthcare Keeps Falling Prey to Ransomware and Other CyberattacksRead More
CISA Offers New Mitigation for PrintNightmare Bug
CERT urges administrators to disable the Windows Print spooler assistance in Domain Controllers and units that really don't print, though Microsoft tries to explain RCE flaw with a new CVE …
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
Criminals powering the powerful REvil ransomware have ported the malware to Linux for qualified attacks. Cybercriminals guiding a string of substantial-profile ransomware attacks, together with a …
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS DevicesRead More