-
Hackers Hide Malware in Windows Logo, Target Middle East Governments
PRIVACY PRIVACY The group continued to use the LookBack backdoor, but also several new types of malware Read More
-
Microsoft: Two New 0-Day Flaws in Exchange Server
PRIVACY PRIVACY Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to…
-
Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths
PRIVACY PRIVACY Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog. Read More
-
Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT
PRIVACY PRIVACY The behavior of the actors was reportedly identical to what was described by Minerva Labs in 2021 Read More
-
Enterprises embrace devsecops practices against supply chain attacks
PRIVACY PRIVACY For enterprise security professionals alarmed about the rising number of supply chain attacks, a report released this week by Google and supply chain security firm Chainguard has good news: Devsecops best practices are becoming more and more common. The recent prevalence of supply chain attacks—most notably the SolarWinds attack, which affected numerous large…
-
Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries
PRIVACY PRIVACY The advisory suggests Zinc has targeted media, defense and aerospace, and IT services Read More
-
Watchfinder warns customers that hackers stole their data
PRIVACY PRIVACY Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed. Read More
-
Microsoft Confirms Two Exchange Zero-Day Vulnerabilities
PRIVACY PRIVACY The vulnerabilities were first discovered by Vietnamese cybersecurity firm GTSC Read More
-
Security Vulnerabilities in Covert CIA Websites
PRIVACY PRIVACY Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did…
-
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
PRIVACY PRIVACY Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available. Background On September 28, GTSC Cybersecurity Technology Company Limited published a blog post (English translation published later) regarding their discovery of two zero-day vulnerabilities in Microsoft Exchange Server. According…