reader comments 15 with 14 posters participating Share this story Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks… Read More »
reader comments 56 with 32 posters participating Share this story Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they… Read More »
reader comments 9 with 7 posters participating Share this story Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zero-day vulnerabilities in Exchange Server. The software maker said hackers working on behalf of the Chinese government have been using the previously… Read More »
reader comments 146 with 85 posters participating, including story author Share this story Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the… Read More »
reader comments 28 with 23 posters participating Share this story Hackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an… Read More »
reader comments 35 with 22 posters participating Share this story It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zero-days under active exploit and critical networking flaws that allow attackers to remotely execute malicious… Read More »
reader comments 29 with 23 posters participating Share this story Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome’s sync feature to bypass firewalls.… Read More »
Getty Images reader comments 20 with 17 posters participating Share this story SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post… Read More »
reader comments 23 with 16 posters participating Share this story Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the firewalls it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects… Read More »
reader comments 8 with 8 posters participating Share this story Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside… Read More »