Vulnerability summary for the week: April 3, 2020
Weekly vulnerability digest.
Cybersecurity News - Page 376
Someone’s wiped out over 15,000 unprotected Elasticsearch servers
The attacks have started around March 24 and appear to be carried out using an automated script.
DarkHotel hackers exploited flaws in Firefox and IE in attacks on China, Japan
In the attacks the hackers downloaded the Gh0st RAT on victims' machines.
A mitigation plan is underway for an entire Windows bug class
Security researcher has discovered 25 vulnerabilities impacting Win32k component in Windows.
Windows SMBGhost flaw allows privilege escalation
Researchers have published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows.
Vollgar campaign infects MS-SQL servers with backdoors, RATs, and cryptominers
Active since at least 2018, the campaign managed to infect roughly three thousand database machines daily.
Zoom bug allows attackers to steal Windows login credentials
The Zoom Windows client chat feature is vulnerable to UNC path injection, allowing attackers to capture the NTLM password hashes when a user clicks on a link within messages.
FBI warns of 'Kwampirs' malware supply chain attacks targeting global industries
The Kwampirs malware attacks have been ongoing since at least 2016.
Marriott reports new data breach affecting up to 5.2 million hotel guests
This is the second data breach the hotel giant has suffered in the last two years.
Zeus Sphinx banking malware resurfaced after years of silence
The malware that has been absent from the threat landscape for nearly three years returns to make a profit from COVID-19 pandemic.
Showing elements 3751 - 3760