All News

U.S. warns of increased cyberattacks against K-12 distance learning

K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year.
- Ionut Ilascu
- December 10, 2020
- 06:22 PM
- 0
Fake data breach alerts used to steal Ledger cryptocurrency wallets

A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients.
- Lawrence Abrams
- December 10, 2020
- 05:54 PM
- 0
Sophos fixes SQL injection vulnerability in their Cyberoam OS

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability.
- Lawrence Abrams
- December 10, 2020
- 04:17 PM
- 0
250,000 stolen MySQL databases for sale on dark web auction site

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers.
- Ionut Ilascu
- December 10, 2020
- 01:39 PM
- 0
Windows Kerberos Bronze Bit attack gets public exploit, patch now

Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.
- Sergiu Gatlan
- December 10, 2020
- 12:08 PM
- 1
Cisco fixes new critical code execution bug in Jabber for Windows

Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September.
- Sergiu Gatlan
- December 10, 2020
- 11:00 AM
- 0
Hackers can use WinZip insecure server connection to drop malware

The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users.
- Ionut Ilascu
- December 10, 2020
- 09:47 AM
- 1
Teen who shook the Internet in 2016 pleads guilty to DDoS attacks

One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016.
- Sergiu Gatlan
- December 10, 2020
- 09:24 AM
- 0
Microsoft Edge gets a performance boost with sleeping tabs

Microsoft is rolling out a sleeping tabs feature to the new Chromium-based Edge web browser which will drastically reduce memory and CPU resource usage.
- Sergiu Gatlan
- December 10, 2020
- 08:01 AM
- 3
Qbot malware switched to stealthy new Windows autostart method

A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shutdown and it automatically removes any traces when the system restarts or wakes up from sleep.
- Sergiu Gatlan
- December 09, 2020
- 04:00 PM
- 0
Pfizer COVID-19 vaccine documents accessed in EMA cyberattack

The European Medicines Agency (EMA) responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website.
- Lawrence Abrams
- December 09, 2020
- 01:51 PM
- 2
DHS-CISA urges admins to patch OpenSSL DoS vulnerability

This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately.
- Ax Sharma
- December 09, 2020
- 12:25 PM
- 0
Credit card stealer hides in CSS files of hacked online stores

Credit card stealer scripts are evolving and become increasingly harder to detect due to novel hiding tactics. The latest example is a web skimmer that uses CSS code to blend within the pages of a compromised store and to steal customers' personal and payment information.
- Sergiu Gatlan
- December 09, 2020
- 11:38 AM
- 0
Russian hackers hide Zebrocy malware in virtual disk images

Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives (VHD) to avoid detection.
- Ionut Ilascu
- December 09, 2020
- 11:10 AM
- 0
Adobe fixes critical security vulnerabilities in Lightroom, Prelude

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude.
- Sergiu Gatlan
- December 09, 2020
- 09:26 AM
- 0
Microsoft fixes new Windows Kerberos security bug in staged rollout

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.
- Sergiu Gatlan
- December 09, 2020
- 08:25 AM
- 0
Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November.
- Lawrence Abrams
- December 08, 2020
- 06:13 PM
- 0
FireEye reveals that it was hacked by a nation state APT group

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group.
- Sergiu Gatlan
- December 08, 2020
- 04:58 PM
- 0
Microsoft issues guidance for DNS cache poisoning vulnerability

Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University.
- Sergiu Gatlan
- December 08, 2020
- 01:58 PM
- 0
Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Today is Microsoft's December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them. As part of this Patch Tuesday, Microsoft fixed 58 security vulnerabilities and release a DNS cache poisoning vulnerability advisory.
- Lawrence Abrams
- December 08, 2020
- 01:37 PM
- 2