Cybersecurity News - Page 18

Although there is no evidence of active exploitation, users are strongly advised to patch their instances as soon as possible.

The campaign uses a malicious script capable of wiping entire systems when Iranian configurations are detected.

Aleksei Volkov hunted for vulnerabilities in corporate networks and gained unauthorized access, which he then sold to co-conspirators.

Cameron Curry exploited his role as a data analyst contractor to access sensitive payroll and corporate data.

Researchers determined that the attackers gained access through previously stolen credentials from an earlier March breach.

The sites were part of a large-scale scam that advertised fake CSAM “packages,” as well as other cybercrime services.

The attacks do not break end-to-end encryption but instead rely on account hijacking techniques.

In brief: Threat actors are exploiting Zimbra, MS SharePoint and WingFTP flaws, police disrupt the Aisuru, KimWolf, JackSkid and Mossad botnets, and more.

DarkSword leverages six known vulnerabilities to gain deep access to compromised devices.

Interlock had been abusing the flaw as a zero-day issue in real-world attacks as early as January 26.