A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft.
SonicWall is urging users of its Secure Mobile Access 100 series gateways and remote access products to immediately apply patches, as a majority of the devices are affected by eight critical- to medium-severity vulnerabilities even after enabling their web application firewall.
Open-source analytics and interactive visualization solutions provider Grafana Labs has released an emergency security update to patch a high-severity zero-day vulnerability on its dashboard. The company had to issue the fix before schedule to limit exploitation after a researcher reported it.
Steve King, director of cybersecurity advisory services for ISMG's CyberTheory, has just been appointed a member of the Forbes Technology Council. He discusses the role, his passion for Zero Trust and new initiatives to expect from CyberTheory in 2022.
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.
A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
Casey Ellis, founder and CTO of Bugcrowd, shares insights from the company's annual report, Inside the Mind of a Hacker 2021, which reveals that 8 out of 10 ethical hackers recently identified a vulnerability they had never seen before.
Multiple APT groups from Russia, China and India are adopting a new phishing attack technique using RTF template injection, which makes attacks harder to detect. The template is compatible with Microsoft Office, which makes it easier for an attacker to open or edit these documents.
Unidentified threat actors are using fake cryptocurrency-related websites to distribute the SpyAgent malware, which abuses legitimate remote access tools. They have targeted a legitimate Russian remote access tool called Safib Assistant, Trend Micro researchers note.
A Microsoft zero-day vulnerability has not been fixed by the technology giant despite having been reported months ago, according to a security researcher. To protect users, a micropatching service, 0patch, has issued unofficial, free patches.
Researchers have identified a new remote access Trojan that uses a unique stealth technique to help it stay undetected on a victim's infrastructure and conceal Magecart malware. Dubbed CronRAT, it hides in the Linux calendar subsystem as a task that has a nonexistent date.
An Iranian attacker has been targeting users who have failed to patch a remote code execution vulnerability in a Microsoft browser engine to spy on Farsi-speaking victims, paralleling a similar campaign being run by North Korean attackers, researchers warn.
The Israeli government's Ministry of Defense reportedly has cut the list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing Israel's surveillance tool export market by two-thirds. The list specifically restricts doing business with those involved in offensive cyber.
Learning management platform Moodle, which caters to about 300 million users in 241 countries, is vulnerable to four high-risk flaws, according to a security advisory issued by the Indian Computer Emergency Response Team, or CERT-In.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.