Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked...
Researchers have discovered a severe supply-chain attack that plants web skimmers on real-estate websites via… Hackers Exploit Cloud Video Platform To Target Real Estate Websites on Latest Hacking News. click here to read full...
An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed “CharmPower” for follow-on post-exploitation. “The actor’s...
Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers at Avanan have discovered. click here to read full Article Read...
Zero-day exploits have been all over the news in recent years, and several foreign governments have been accused of enabling attacks on vulnerable network infrastructure in the U.S. and the European Union. Most recently,...
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with...
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on...
A Chinese hacker group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. click here to read full Article...
Sophos Labs reported an exploit developed by hackers to bypass a critical flaw concerning the Microsoft Office file format. The attackers drop the Formbook malware on targeted systems. Microsoft had already fixed the security...
Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that...
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed...
Researchers unearth the first professional ransomware variant written in Rust dubbed BlackCat. It can target Windows, Linux, and VMWare ESXi systems. The threat group uses a double extortion model and looks for partners to...
AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking (john) -jp [path] John binary path -w [wordList] The path...
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that can be exploited by threat actors to achieve admin privileges. click here to read full Article...
The Remote Desktop Protocol (RDP) is one of the most popular communication protocols for remotely controlling systems. It didn’t take long before attackers realized this is a golden egg. click here to read full...
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and...
