Strategic support solutions are often reserved for leading companies. With digitalization expanding rapidly, all businesses…
3 Redefined Trends for Cyber Security Investing (2021) on Latest Hacking News.
Saturday, 31 July 2021
Zimbra Webmail Platform Vulnerabilities Discovered That Could Compromise Mail Servers
Two security bugs in Zimbra webmail could allow an adversary to access and control mail…
Zimbra Webmail Platform Vulnerabilities Discovered That Could Compromise Mail Servers on Latest Hacking News.
Friday, 30 July 2021
Week in security with Tony Anscombe
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. Learn to identify these scams. Most people are fans of the convenience provided by online shopping, but some criminals uses this to lure clients into Amazon scams. Learn to detect these. Now that organizations are set to evolve a
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Watch out for these scams, targeting Amazon’s customers
Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on.
The post Watch out for these scams, targeting Amazon’s customers appeared first on WeLiveSecurity
Critical Shopify Vulnerability Exposed GitHub Access Token And Shopify Repos
Popular e-commerce platform Shopify had a simple yet serious vulnerability that could have devastating results.…
Critical Shopify Vulnerability Exposed GitHub Access Token And Shopify Repos on Latest Hacking News.
Apple Patched Zero-Day Bug Under Attack For Mac and iOS Devices
Apple has recently rolled out a short macOS and iOS update with a critical security…
Apple Patched Zero-Day Bug Under Attack For Mac and iOS Devices on Latest Hacking News.
UC San Diego Health Discloses Data Breach Exposing Personal Information
Another data breach has surfaced online as UC San Diego Health discloses an incident exposing…
UC San Diego Health Discloses Data Breach Exposing Personal Information on Latest Hacking News.
Microsoft Alerts Users About PetiPotam NTLM Relay Attack
A new type of NTLM relay attack dubbed PetiPotam poses a threat to Windows systems’…
Microsoft Alerts Users About PetiPotam NTLM Relay Attack on Latest Hacking News.
Stellar Converter for EDB Review – Advanced Tool to Convert EDB Files to PST
Although you can export mailboxes from Exchange database to PST by using the “New-MailboxExportRequest” PowerShell…
Stellar Converter for EDB Review – Advanced Tool to Convert EDB Files to PST on Latest Hacking News.
Experts Uncover Several C&C Servers Linked to WellMess Malware
Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said 
Several Malicious Typosquatted Python Libraries Found On PyPI Repository
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System
A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not been linked to any previously identified threat group or to additional attacks, making it the first
Thursday, 29 July 2021
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are
Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet
The post Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years appeared first on WeLiveSecurity
Tackling the insider threat to the new hybrid workplace
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can - willingly or unwitingly - pose.
The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that
Be Wary Of Fake Windows 11 Installers Bundled With Malware
While the official Windows 11 is just around the corner, expectedly, the fake installers have…
Be Wary Of Fake Windows 11 Installers Bundled With Malware on Latest Hacking News.
Apple Fixed The Nasty iOS WiFi Bug With The Latest iOS 14.7
Weeks after bearing with the weird iOS WiFi bug, Apple users can finally be at…
Apple Fixed The Nasty iOS WiFi Bug With The Latest iOS 14.7 on Latest Hacking News.
Organizations are Making Incremental Investments on Modifying Web Application Firewall to Stay Ahead of Cybersecurity Threats
Data suggests that 85% of organizations are spending incrementing amounts of time on modifying their…
Organizations are Making Incremental Investments on Modifying Web Application Firewall to Stay Ahead of Cybersecurity Threats on Latest Hacking News.
New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the
Best Practices to Thwart Business Email Compromise (BEC) Attacks
Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques, spoofing and account take-over attacks. In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack
New Android Malware Uses VNC to Spy and Steal Passwords from Victims
A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets,
Wednesday, 28 July 2021
Most Twitter users haven’t enabled 2FA yet, report reveals
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option
The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity
Booking your next holiday? Watch out for these Airbnb scams
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.
The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity
macOS Malware Now Steals Account Logins Of Telegram, Chrome, And More
The now infamous macOS malware XCSSET has evolved further to steal account logins from different…
macOS Malware Now Steals Account Logins Of Telegram, Chrome, And More on Latest Hacking News.
Numerous web apps found vulnerable to DNS cache poisoning via ‘forgot password’ feature
While the “Forgot Password” feature in web and mobile apps is meant for convenience, it…
Numerous web apps found vulnerable to DNS cache poisoning via ‘forgot password’ feature on Latest Hacking News.
UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing
Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers
A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team
Numerous Vulnerabilities Discovered In Telegram Encryption Protocol
Researchers found multiple security vulnerabilities in the Telegram encryption protocol that could potentially risk users’…
Numerous Vulnerabilities Discovered In Telegram Encryption Protocol on Latest Hacking News.
Signal Zero-Day Bug Allows for Sending Unintended Images To Contacts
Signal has recently addressed a serious vulnerability that would be worrisome for users. A zero-day…
Signal Zero-Day Bug Allows for Sending Unintended Images To Contacts on Latest Hacking News.
Making Authentication Safer and Simpler for Customers
How to make the user experience better for your e-commerce? The simplest answer is to…
Making Authentication Safer and Simpler for Customers on Latest Hacking News.
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider
Tuesday, 27 July 2021
Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.
The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in
What is a Security Theatre and How Is It Impacting the Organisations
In life, we do everything we can to stop any risk that could harm us.…
What is a Security Theatre and How Is It Impacting the Organisations on Latest Hacking News.
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework
Hackers Turning to 'Exotic' Programming Languages for Malware Development
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of
Malicious npm Packages Steal Chrome Browser Passwords
Once again, some malicious npm packages surfaced online to fool users. This time, the npm…
Malicious npm Packages Steal Chrome Browser Passwords on Latest Hacking News.
Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory
Monday, 26 July 2021
Kaseya Obtained a Working Decryptor For REvil Ransomware
Days after facing the devastating ransomware attack with a domino effect, Kaseya has finally found…
Kaseya Obtained a Working Decryptor For REvil Ransomware on Latest Hacking News.
Web Security Testing For Beginners
Web applications are the beginning and the end of today’s customer-centric business. Websites have advanced…
Web Security Testing For Beginners on Latest Hacking News.
BIMI: A Visual Take on Email Authentication and Security
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify
How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to obtain hashed passwords
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared
Friday, 23 July 2021
Week in security with Tony Anscombe
URL shortener services distributing Android malware – Week in security with Tony Anscombe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Protecting the hybrid workplace through Zero Trust security
The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors.
The post Protecting the hybrid workplace through Zero Trust security appeared first on WeLiveSecurity
Systemd Vulnerability Could Risk Denial-of-Service Across Major Linux Systems
A new vulnerability in the Systemd component risks Linux systems as it allows an adversary…
Systemd Vulnerability Could Risk Denial-of-Service Across Major Linux Systems on Latest Hacking News.
Law Firm Campbell Disclosed Data Breach Following Ransomware Attack
US law firm Campbell Conroy & O’Neil has disclosed a data breach affecting its customers,…
Law Firm Campbell Disclosed Data Breach Following Ransomware Attack on Latest Hacking News.
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual
Wake up! Identify API Vulnerabilities Proactively, From Code Back to Production
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no
Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer, and a 15-year-old boy, are said to have been
MosaicLoader Malware Targets Users Looking For Pirated Software
A new malware threat is in the wild, targeting users looking for cracked or pirated…
MosaicLoader Malware Targets Users Looking For Pirated Software on Latest Hacking News.
Oil Firm Saudi Aramco Suffered Data Breach – Data Put For Sale On Dark Web
A major oil company fueling a majority of global activities has now fallen prey to…
Oil Firm Saudi Aramco Suffered Data Breach – Data Put For Sale On Dark Web on Latest Hacking News.
New Windows Print Spooler Zero-Day Bug Triggers Remote Attacks
It looks like the Print Spooler fiasco continues as more bugs surface online, triggering different…
New Windows Print Spooler Zero-Day Bug Triggers Remote Attacks on Latest Hacking News.
Thursday, 22 July 2021
Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. <!--adsense--> "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the
Popular Wi‑Fi routers still using default passwords making them susceptible to attacks
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials
The post Popular Wi‑Fi routers still using default passwords making them susceptible to attacks appeared first on WeLiveSecurity
Comparis Disclosed Data Breach Following Ransomware Attack
Another firm has suffered a cybersecurity incident. The latest report comes from the Swiss price…
Comparis Disclosed Data Breach Following Ransomware Attack on Latest Hacking News.
You don’t want to miss these 7 cybersecurity trends of 2021
Every year we are on the cutting edge when it comes to cybersecurity. No matter…
You don’t want to miss these 7 cybersecurity trends of 2021 on Latest Hacking News.
Do you want to start building your website? Here are 6 helpful tips.
You want to start building your own website? Well, this is mostly done by professionals.…
Do you want to start building your website? Here are 6 helpful tips. on Latest Hacking News.
Top 7 Cybersecurity Strategies For Startup Businesses
People are said to oftentimes imagine that the most prominent targets of cyber threats and…
Top 7 Cybersecurity Strategies For Startup Businesses on Latest Hacking News.
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu
Reduce End-User Password Change Frustrations
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions. One of the most common areas where security may cause challenges for
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without
Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish
Wednesday, 21 July 2021
Cybercriminals may target 2020 Tokyo Olympics, FBI warns
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money
The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download
Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely
[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams
Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than
Tuesday, 20 July 2021
New Windows and Linux Flaws Give Attackers Highest System Privileges
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. "Starting with Windows 10 build 1809, non-administrative users are granted
Some URL shortener services distribute Android malware, including banking or SMS trojans
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity
Schneider Electric Patched Security Bugs In EVlink Charging Stations
The multinational energy and automation digital solutions firm Schneider electric (SE) has disclosed some security…
Schneider Electric Patched Security Bugs In EVlink Charging Stations on Latest Hacking News.
Ecuador Telecom Giant CNT Suffered Cyber Attack – Ransomware Suspected
The latest victim is the public telecom giant of Ecuador, CNT, that disclosed a cyber…
Ecuador Telecom Giant CNT Suffered Cyber Attack – Ransomware Suspected on Latest Hacking News.
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of
How to generate Cryptographically secure random numbers and data in Python
In Python, we can generate random numbers by simply using the random module. However, the…
How to generate Cryptographically secure random numbers and data in Python on Latest Hacking News.
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers
Monday, 19 July 2021
US and Global Allies Accuse China of Massive Microsoft Exchange Attack
The U.S. government and its key allies, including the European Union, the U.K, and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of
Google Patched Another Actively Exploited Chrome Zero-Day
After fixing many zero-day bugs already, Google has more to do with Chrome after another…
Google Patched Another Actively Exploited Chrome Zero-Day on Latest Hacking News.
Why You Should Always Conduct Application Security Testing
As security evolves, attackers employ a variety of attack approaches to circumvent the application’s access…
Why You Should Always Conduct Application Security Testing on Latest Hacking News.
New Phishing Campaign Spreads BazarBackdoor Malware Via Nested Archives
A new phishing campaign is active in the wild, targeting users with BazarBackdoor malware. The…
New Phishing Campaign Spreads BazarBackdoor Malware Via Nested Archives on Latest Hacking News.
Google Researchers Found Zero-Day Bugs In Safari, Chrome, and Internet Explorer
Researchers have discovered multiple zero-day bugs in Safari, Chrome, and IE browsers that are under…
Google Researchers Found Zero-Day Bugs In Safari, Chrome, and Internet Explorer on Latest Hacking News.
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to
Another Windows Print Spooler Bug Arrives After PrintNightmare Flaws
It hasn’t been long since Microsoft patched the devastating PrintNightmare vulnerabilities, now another flaw arrives.…
Another Windows Print Spooler Bug Arrives After PrintNightmare Flaws on Latest Hacking News.
Amazon Rolled Out End-to-End Encryption For Ring Devices Globally
Almost a year after initially launching the service as beta, Amazon has now released end-to-end…
Amazon Rolled Out End-to-End Encryption For Ring Devices Globally on Latest Hacking News.
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any
Subscribe to:
Posts (Atom)