Collaborate Disseminate
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
Continue reading Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out. Continue reading Payment API Bungling Exposes Millions of Users’ Payment Data
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. Continue reading Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August. Continue reading CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13. Continue reading REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. Continue reading Microsoft Patches Actively Exploited Windows Zero-Day Bug
Imperva’s Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.
Continue reading Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.
Continue reading Apple Issues Emergency Fix for NSO Zero-Click Zero Day
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.” Continue reading REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.
Continue reading Thousands of Fortinet VPN Account Credentials Leaked