Collaborate Disseminate
Security researchers have found instances of the Absolute LoJack theft recovery technology phoning back to servers associated with a notorious Russian cyberespionage group known as Fancy Bear. Absolute LoJack, previously known as Computrace, is a high… Continue reading Cyberespionage Group Abuses LoJack Theft Recovery Software
Hijacking computing resources for cryptocurrency mining, or cryptomining, is one of the major attack trends this year and the threat is growing increasingly aggressive. Security researchers warn of a new worm that uses a variety of techniques and expl… Continue reading Cryptomining Worm MassMiner Exploits Multiple Vulnerabilities
Security researchers warn that a patch recently released by Oracle for a critical vulnerability in its WebLogic Java application server can easily be bypassed. The risk of exploitation is high especially since exploit code is already available for the… Continue reading Patch for Critical Oracle WebLogic Vulnerability Can Be Bypassed
Necurs, one of the largest and long-lived spam botnets that’s still in operation today, has received an update that could help it evade spam filters. The new trick, observed by researchers from Trend Micro, consists of spam emails with .zip atta… Continue reading Large Necurs Botnet Uses New Spam Detection Evasion Trick
Security researchers claim that a large majority of SAP systems deployed inside organizations are vulnerable to attacks that could completely compromise their sensitive data because of an insecure default configuration. The issue, which affects a core… Continue reading Many SAP Deployments at Risk Due to Insecure Configuration
A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK. Known as webstresse… Continue reading Police Shut Down Largest DDoS-for-Hire Marketplace
Developers of the popular Drupal content management system plan to release a critical out-of-band patch April 25 that’s related to the actively exploited Drupalgeddon2 vulnerability fixed late last month. “There will be a security release … Continue reading Get Ready for Another Critical Drupal Patch Related to Drupalgeddon2
Researchers from Chinese internet security firm Qihoo 360 have uncovered a sophisticated targeted attack which, according to them, exploits an unpatched vulnerability in Microsoft’s Internet Explorer browser. The company made the announcement in… Continue reading Internet Explorer Zero-Day Exploit Reportedly Exploited in Targeted Attacks
Oracle has released a new quarterly critical patch update (CPU) for its product portfolio, fixing 254 vulnerabilities across 20 product families. More than two-thirds of those flaws are located in business-critical applications and 42 are rated critic… Continue reading Oracle Fixes Critical Vulnerabilities in Business Applications
Cisco Systems has released security updates for the software clients installed by users who attend WebEx-based meetings to fix a critical vulnerability that could allow remote attackers to compromise their computers. “An attacker could exploit t… Continue reading Widely Used WebEx Clients Have Critical Vulnerability