At the end of June, 2021, security researchers from Russian firm Qrator started observing “a botnet of a new kind.” A joint research with Yandex followed to discover more about this new DDoS threat “emerging in almost real-time”. Related: New…
A threat actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices, Fortinet has confirmed. Unpatched CVE-2018-13379 in FortiGate SSL-VPN Devices Caused the Leak According to the statement, the said credentials were taken from systems that remained unpatched…
CISA has released an alert regarding a new, critical zero-day vulnerability affecting Zoho ManageEngine servers. Related: Three New Zero-Days Disclosed in Kaseya Unitrends More specifically, an authentication bypass flaw affects the REST API URLs in ADSelfService Plus, which could lead…
A team of scholars from universities in Australia, Israel, and the United States has created a new side-channel attack that targets Google Chrome’s Site Isolation feature. The attack, called Spook.js, is a new transient execution side channel exploit targeting Chrome…
A new zero-day vulnerability, CVE-2021-40444, was found lurking in Internet Explorer, making it possible for hackers to exploit exposed Windows systems via malicious Office documents. Related: CVE-2021-36948 Zero-Day in Windows Update Medic Exploited in the Wild CVE-2021-40444 RCE Flaw Used…
Windows 11 is already making the headlines in terms of hackers’ exploitation. Apparently, FIN7, a well-known hacking group, has been using Windows 11 themes in an attempt to trick recipients in a recent phishing campaign targeting a PoS (point-of-sale) company.…
To shed some light on the everlasting “bundled malware” threat, Sophos researchers recently performed a thorough investigation on a network of websites related to an ongoing Racoon infostealer campaign, acting as a “dropper as a service.” This network distributed a…
A total of 16 vulnerabilities are plaguing the Bluetooth software stack of numerous SoC (system-on chip) chipsets. Called BrakTooth, the vulnerabilities affect 1,400 chipsets used in laptops, smartphones, IoT and industrial devices. If exploited, the flaws could crash and freeze…
A number of security flaws in the default firmware and web interface app of a popular router were discovered by CyberNews researchers that could expose its owners at risk of man-in-the-middle and denial-of-service attacks. TP-Link AC1200 Archer C50 (v6) is…
Two security vulnerabilities were discovered in the Gutenberg Template Library & Redux Framework plugin for WordPress, CVE-2021-38312 and CVE-2021-38314. Discovered by Defiant researchers, the vulnerabilities could impact more than a million WordPress websites running the plugin. Both flaws affect plugin…
The LockFile ransomware emerged in July 2021. The ransomware has been exploiting the ProxyShell vulnerabilities in Microsoft Exchange servers in its attacks. The flaws are deployed “to breach targets with unpatched, on premises Microsoft Exchange servers, followed by a PetitPotam…
ProxyToken, or CVE-2021-33766 is a serious security vulnerability in Microsoft Exchange that could allow an unauthenticated threat actor to access and steal emails from the victim’s mailbox. The issue was reported to the Zero Day Initiative in March 2021 by…
Microsoft researchers detected a new phishing campaign leveraging open redirector links (open redirects) in emails in an attempt to bypass security software and trick users into visiting malicious pages. Related: Microsoft and Google’s Cloud Infrastructure Abused by Hackers in Phishing…
In July, Kaseya announced three new zero-day vulnerabilities impacting its Kaseya Unitrends service. The vulnerabilities were represented by an authenticated RCE flaw on the server, a privilege escalation flaw from read-only user to admin on the server, and an undisclosed…
Palo Alto’s Unit 42 researchers shed light on four emerging ransomware groups making the headlines this year. The discovery comes after an extensive research and analysis of the underground including web leak sites and fresh onion sites. These ransomware-as-a-service operators…
What are the threats endangering Linux systems? Security researchers from Trend Micro just released a report focused on the “pressing security issues including malware and vulnerabilities that compromise Linux systems in the first half of 2021.” Related: The Facefish Operation:…
Security researchers are reporting emails soliciting company insiders to install the Demon (Black Kingdom) ransomware on their organizations’ networks. Nigerian Threat Actor Behind the Campaign According to a report by Abnormal Security, a Nigerian threat actor is trying to recruit…
According to an alert released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals are currently exploiting the so-called ProxyShell Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. CISA Warns against ProxyShell Attacks The agency’s strong advice is for organizations…
There is a recently disclosed unpatched flaw in Fortinet’s web application firewall appliances. The vulnerability could be exploited by remotes authenticated attackers to execute malicious commands. Related: Top Exploited Vulnerabilities in 2020: Hackers Take Advantage of Remote Work In other…
AdLoad is a well-known adware and bundleware loaders family which has been targeting macOS users since 2017, or even earlier. The threat installs a backdoor on the system to drop adware and potentially unwanted applications (PUAs), and also collects information.…
