fbpx
Sunday, April 11, 2021
Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10

Hackers are exploiting a server vulnerability with a severity of 9.8...

0
Getty Images In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5 Networks. Customers use BIG-IP servers to manage traffic going into…
“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android...

0
A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the…
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

0
The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing mystery: how did so many separate threat actors have working exploits before the…
Critical 0-day that targeted security researchers gets a patch from Microsoft

Critical 0-day that targeted security researchers gets a patch from Microsoft

0
Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks developing working relationships with security researchers. To win the researchers'…
Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack

Tens of thousands of US organizations hit in ongoing Microsoft Exchange...

Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they do nothing to disinfect systems that are already compromised. KrebsOnSecurity…
Rookie coding mistake prior to Gab hack came from site’s CTO

Rookie coding mistake prior to Gab hack came from site’s CTO

Gab.com Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the critical vulnerability—or at least one very much like it—was introduced by the…
Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Hard-coded key vulnerability in Logix PLCs has severity score of 10...

0
Rockwell Automation Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10. The vulnerability is found in programmable logic controllers from Rockwell Automation that are marketed under the Logix brand. These…
Zero-days under active exploit are keeping Windows users busy

Zero-days under active exploit are keeping Windows users busy

0
It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zero-days under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers. The most important patch fixes…
Chrome users have faced 3 security concerns over the past 24 hours

Chrome users have faced 3 security concerns over the past 24...

0
Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let’s discuss them one by one. First up, the Great…
Hackers are exploiting a critical zeroday in devices from SonicWall

Hackers are exploiting a critical zeroday in devices from SonicWall

0
Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the devices it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t slated to receive a…

Recent Posts