Operation Earth Kitsune spies on users via compromised sites
To compromise websites to host malware, the attackers used a total of five C&C servers and a slew of RCE and EoP vulnerabilities.
Given the severity of the flaw, the WordPress security team has decided to push a forced update to all sites running Loginizer on WordPress 3.7 and higher.
Many of the organizations attacked by Muddy Water have also been targeted by the relatively new PowGoop malware.
Microsoft said 120 of the 128 servers identified as Trickbot infrastructure around the world were eliminated.
All of the listed CVEs are already publicly known and have patches available.
The vulnerability is described as a heap buffer overflow bug in the FreeType rendering engine.
In the observed attack, the hackers escalated privileges using ZeroLogon less than 2 hours after the initial phish.
NCSC said that Russian activity involved reconnaissance operations and that the targets included the Games’ organisers, logistics services and sponsors.
The indictment said the hackers deployed “some of the world’s most destructive malware to date” in their attacks.
If exploited, CVE-2020-16952 could allow an attacker to run arbitrary code in the context of the local administrator on affected installations of SharePoint server.