Vulnerabilities

VULNERABILITIES

MALVERTISER- advertising malware

2 years ago

After a relatively stable presence since the start of this year, the ChromeLoader malware is seeing a rise in detection, posing a widespread threat. The malware can alter a user's web browser history and promote unwanted content from which the attacker stands to receive financial gain by redirecting user traffic... Read more

After a relatively stable presence since the start of this year, the ChromeLoader malware is... Read more

VULNERABILITIES

25 Malicious JavaScript Libraries Distributed via NPM Package Repository

2 years ago

DevOps security firm JFrog informed that it found and helped remove 25 malicious JavaScript libraries from the official npm package repository. This is the second time in three months that JFrog found malicious npm packages designed to steal Discord tokens and environment variables after reporting 17 similar packages in December... Read more

DevOps security firm JFrog informed that it found and helped remove 25 malicious JavaScript libraries... Read more

VULNERABILITIES

US Banks prepare for potential attack as Russian cybercriminals become emboldened

2 years ago

The Russia-Ukraine standoff in the physical world has also spilled into the cyber realm. Politicians and cybersecurity experts warn of potential attacks against the U.S. financial industry. Many conventional security rules are changing, according to Victor Wieczorek, a nation-state red teamer and director of threat and attack simulation at cybersecurity... Read more

The Russia-Ukraine standoff in the physical world has also spilled into the cyber realm. Politicians... Read more

VULNERABILITIES

North Korean Hackers Use Windows Update Service to Infect PCs with Malware

2 years ago

TThe Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is a known cybercrime group with ties to the North Korean government that recently abused the Windows Update Client to distribute malware. The researchers said they were investigating a phishing campaign mimicking Lockheed Martin, American aerospace,... Read more

TThe Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is... Read more

VULNERABILITIES

Dark Web's Largest Marketplace for Stolen Credit Cards Shuts Down

2 years ago

UniCC is shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. It's the most prominent dark web marketplace for stolen credit and debit cards. The team gave its users ten days to spend their balances and warned them to... Read more

UniCC is shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies... Read more

VULNERABILITIES

High-Severity Vulnerability in 3 WordPress plug-ins affected 84,000 websites

2 years ago

Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. Login/Signup Popup is installed on over 20,000 sites, while Side Cart Woocommerce and Waitlist Woocommerce have been installed on more than... Read more

Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000... Read more

VULNERABILITIES

Microsoft fixes Y2K22 Exchange bug that disrupted email worldwide on New Years

2 years ago

The turn of the new year triggered errors in Microsoft Exchange mail servers, causing thousands of emails around the world not to get sent and staying stuck on email transport queues causing entire servers to crash. The server administration community dubbed this bug “Y2K22” due to its similarity to the... Read more

The turn of the new year triggered errors in Microsoft Exchange mail servers, causing thousands... Read more

VULNERABILITIES

Cloud services used to distribute Netwire, Nanocore, and AsycnRat Malware

2 years ago

Malicious attackers have been using public cloud services from Amazon and Microsoft in their campaigns to deliver remote access trojans or RATS and use them to steal sensitive information from compromised systems. Employing existing infrastructure to support invasions is becoming more common. It eliminates the need for attackers to run... Read more

Malicious attackers have been using public cloud services from Amazon and Microsoft in their campaigns... Read more

VULNERABILITIES

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

3 years ago

Log4j is a popular Java library developed by the open-source Apache Software Foundation. Developers use it to log error messages in apps and cloud services such as Minecraft, Steam, and Apple iCloud. This software is publicly accessible and collects and stores activity records on a server. This week, Apache released... Read more

Log4j is a popular Java library developed by the open-source Apache Software Foundation. Developers use... Read more