Tag Archives: exploits

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities

The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities…

Ransomware operators are piling on already hacked Exchange servers

Microsoft Exchange servers compromised in a first round of attacks are getting infected for a second time by a ransomware gang that is trying to profit from a rash of exploits that caught organizations around the world flat-footed. The ransomware—known as Black Kingdom, DEMON, and DemonWare—is demanding $10,000 for…

Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10

In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5…

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide…

There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did…

Critical 0-day that targeted security researchers gets a patch from Microsoft

Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks…

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack

Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they…

Microsoft issues emergency patches for 4 exploited 0-days in Exchange

Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zero-day vulnerabilities in Exchange Server. The software maker said hackers working on behalf of the Chinese government have been using the previously…

Rookie coding mistake prior to Gab hack came from site’s CTO

Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the…

Code-execution flaw in VMware has a severity rating of 9.8 out of 10

Hackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an…