Articles that are tagged
VULNERABILITIES
25 Malicious JavaScript Libraries Distributed via NPM Package Repository
1 year ago
DevOps security firm JFrog reported that it found and helped remove 25 malicious JavaScript libraries from the official npm package repository. This is the second time in three months that JFrog has found malicious npm packages designed to steal Discord tokens and environment variables, after reporting 17 similar packages in December... Read more
VULNERABILITIES
US Banks prepare for potential attack as Russian cybercriminals become emboldened
1 year ago
The Russia-Ukraine standoff in the physical world has also spilled into the cyber realm. Politicians and cybersecurity experts warn of potential attacks against the U.S. financial industry. Many conventional security rules are changing, according to Victor Wieczorek, a nation-state red teamer and director of threat and attack simulation at cybersecurity... Read more
VULNERABILITIES
North Korean Hackers Use Windows Update Service to Infect PCs with Malware
1 year ago
The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is a known cybercrime group with ties to the North Korean government that recently abused the Windows Update Client to distribute malware. The researchers said they were investigating a phishing campaign mimicking Lockheed Martin, American aerospace,... Read more
VULNERABILITIES
High-Severity Vulnerability in 3 WordPress plug-ins affected 84,000 websites
1 year ago
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. Login/Signup Popup is installed on over 20,000 sites, while Side Cart Woocommerce and Waitlist Woocommerce have been installed on more than... Read more
VULNERABILITIES
Dark Web's Largest Marketplace for Stolen Credit Cards Shuts Down
1 year ago
UniCC is shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. It's the most prominent dark web marketplace for stolen credit and debit cards. The team gave its users ten days to spend their balances and warned them to... Read more
VULNERABILITIES
Microsoft fixes Y2K22 Exchange bug that disrupted email worldwide on New Year's
1 year ago
The turn of the new year triggered errors in Microsoft Exchange mail servers, leaving thousands of emails around the world unsent and stuck in email transport queues, causing entire servers to crash. The server administration community dubbed this bug “Y2K22” due to its similarity to the... Read more
VULNERABILITIES
Cloud services used to distribute Netwire, Nanocore, and AsyncRat Malware
1 year ago
Malicious attackers have been using public cloud services from Amazon and Microsoft in their campaigns to deliver remote access trojans (RATs) and use them to steal sensitive information from compromised systems. Employing existing infrastructure to support invasions is becoming more common. It eliminates the need for attackers to run... Read more
VULNERABILITIES
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
2 years ago
Log4j is a popular Java library developed by the open-source Apache Software Foundation. Developers use it to log error messages in apps and cloud services such as Minecraft, Steam, and Apple iCloud. This software is publicly accessible and collects and stores activity records on a server. This week, Apache released... Read more
VULNERABILITIES
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
2 years ago
Researchers at security firm Praetorian warned of a third separate security weakness in Log4j version 2.15.0, soon after Cloudflare revealed on Wednesday that threat actors were actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it possible to carry out denial-of-service (DoS) attacks. This... Read more