reader comments 39 with 32 posters participating Share this story A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide… Read More »
reader comments 48 with 41 posters participating Share this story The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did… Read More »
reader comments 15 with 14 posters participating Share this story Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks… Read More »
reader comments 56 with 32 posters participating Share this story Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they… Read More »
reader comments 146 with 85 posters participating, including story author Share this story Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the… Read More »
Rockwell Automation reader comments 91 with 69 posters participating, including story author Share this story Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10. The vulnerability is found in programmable… Read More »
reader comments 28 with 23 posters participating Share this story Hackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an… Read More »
reader comments 35 with 22 posters participating Share this story It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zero-days under active exploit and critical networking flaws that allow attackers to remotely execute malicious… Read More »
reader comments 29 with 23 posters participating Share this story Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome’s sync feature to bypass firewalls.… Read More »
Getty Images reader comments 20 with 17 posters participating Share this story SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post… Read More »