Critical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets. Continue reading Critical SonicWall NAC Vulnerability Stems from Apache Mods
Author Archives: Elizabeth Montalbano
Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Continue reading Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
Attackers Exploit Flaw in Google Docs’ Comments Feature
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.
Continue reading Attackers Exploit Flaw in Google Docs’ Comments Feature
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Continue reading ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Portugal Media Giant Impresa Crippled by Ransomware Attack
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack. Continue reading Portugal Media Giant Impresa Crippled by Ransomware Attack
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Continue reading APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency. Continue reading Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. Continue reading That Toy You Got for Christmas Could Be Spying on You
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. Continue reading Telegram Abused to Steal Crypto-Wallet Credentials
Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. Continue reading Four Bugs in Microsoft Teams Left Platform Vulnerable Since March