news

Vulnerabilities

Issued by: Help Net Security

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

Mobile Security

Issued by: Malwarebytes

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: “Hacked by Vinny Troia. [redacted] tongue my [redacted]”, one title…

Malware & Threats

Issued by: Malwarebytes

Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym “optusdata” claims to have stolen the data of 10 million Optus customers. The information included home addresses, drivers’ licenses, Medicare numbers, and…

Malware & Threats

Issued by: Help Net Security

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords…

Vulnerabilities

Issued by: Help Net Security

The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of identity crimes and explores the lost opportunities as well as the emotional, physical and psychological…

Malware & Threats

Issued by: Help Net Security

Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals how cybercriminals are preparing to move away from macros as an infection vector. Ransomware attacks increase After months of decline, global ransomware attacks increased significantly in…

Software Security

Issued by: Help Net Security

A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified…

Vulnerabilities

Issued by: Help Net Security

Six vulnerabilities in the MiCODUS MV720 GPS tracker that’s used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers to remotely cut fuel to or abruptly stop vehicles. “Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition,” BitSight researchers…

Malware & Threats

Issued by: Help Net Security

Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers. By misusing the PayPal logo and general design, the phishing kit leads users through a…