Researchers at Bitdefender Security recently discovered a Romanian-based threat intelligence group hacking Linux machines and targeting systems with weak Secure Shell Protocol (SSH) credentials. The group was using Monero mining software to target cryptocurrency wallets and exploit misconfigurations to cause data breaches.
By...
Security experts disclosed a critical vulnerability in Microsoft's Azure App Service that could expose the source code of users’ applications written in Java, Node, PHP, Python, and Ruby programming languages. The vulnerability is now fixed after Wiz researchers reported...
In an attempt to assist organizations, The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by the Apache Log4j remote code execution (RCE) vulnerabilities.
Tracked as CVE-2021-44228 and CVE-2021-45046, the...
The cybercriminal landscape increases quickly with various kinds of ransomware variants and attacks. The NCC group’s report states, the number of ransomware attacks reported in November 2021 has been increased by 1.9% compared to October 2021.
The Emergence of New...
Sysadmins and DevOps had a demanding 2020 due to the pandemic. They are always on the alert for new things cropping up, however, Log4j is not something that a simple patch can solve. To make things more complicated, it’s...
Security experts from Group-IB disclosed a new global cyberespionage phishing campaign targeting users in over 90 countries, including the U.S., Canada, South Korea, and Italy. It stated that that the campaign mimicked more than 120 global organizations.
The scammers leveraged various tactics...
Ever since the Apache Log4j flaw (CVE-2021-44228) was disclosed, cybercriminals looked for opportunities to exploit it and bypass security protections. Security experts from Check Point recently revealed that an Iranian threat actor group, dubbed Charming Kitten, targeted multiple Israeli...
The world is more connected than ever. Rapid digitalization has created enormous potential for enterprises, given the connectedness of billions of IoT devices. The priorities of the cybersecurity C-suite have also seen a shift, with CISOs and CIOs strategizing...
FBI issued an alert revealing that APT actors have been actively exploiting a zero-day vulnerability – CVE-2021-44515 – on ManageEngine Desktop Central servers.
The APT actors compromised the Desktop Central servers to drop a webshell that overrides a genuine function...
Microsoft has urged organizations and users to immediately patch two Active Directory domain service privilege escalation security vulnerabilities. Tracked as CVE-2021-42287 and CVE-2021-42278, these vulnerabilities allow threat actors to takeover Windows domains. While the technology giant fixed these flaws during the...
