2FA Bypassed in $34.6M Crypto.com Heist
In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds. Continue reading 2FA Bypassed in $34.6M Crypto.com Heist
Author Archives: Lisa Vaas
Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices. Continue reading Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug
Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. Continue reading Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
Will 2022 Be the Year of the Software Bill of Materials?
Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. Continue reading Will 2022 Be the Year of the Software Bill of Materials?
‘White Rabbit’ Ransomware May Be FIN8 Tool
It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.
Continue reading ‘White Rabbit’ Ransomware May Be FIN8 Tool
‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.
Continue reading ‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
Continue reading Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Microsoft Yanks Buggy Windows Server Updates
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable. Continue reading Microsoft Yanks Buggy Windows Server Updates
US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.
Continue reading US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.
Continue reading Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft