Russian Security Takes Down REvil Ransomware Gang
The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure.
Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
The malware establishes initial access on targeted machines, then waits for additional code to execute.
URL Parsing Bugs Allow DoS, RCE, Spoofing & More
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
1.1M Compromised Accounts Found at 17 Major Companies
The accounts fell victim to credential-stuffing attacks, according to the New York State AG.
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system — skating past email security — went unaddressed despite multiple flagging by researchers.
Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.