“Spring patches leaked Spring4Shell zero-day RCE vulnerability” plus 12 BleepingComputer.com

Spring patches leaked Spring4Shell zero-day RCE vulnerability
Thinking of a new career? Consider Cybersecurity with these free courses
LockBit victim estimates cost of ransomware attack to be $42 million
Palo Alto Networks error exposed customer support cases, attachments
DPRK hackers go after crypto assets using trojanized DeFi Wallet app
Calendly actively abused in Microsoft credentials phishing
US national emergency extended due to elevated malicious cyber activity
New Spring Java framework zero-day allows remote code execution
Globant confirms hack after Lapsus$ leaks 70GB of stolen data
Google: Russian phishing attacks target NATO, European military
QNAP warns severe OpenSSL bug affects most of its NAS devices
FBI disrupts BEC cybercrime gangs targeting victims worldwide
Hive ransomware uses new 'IPfuscation' trick to hide payload

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Posted: 31 Mar 2022 08:16 AM PDT

Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. [...]

Thinking of a new career? Consider Cybersecurity with these free courses

Posted: 31 Mar 2022 07:03 AM PDT

Curiosity and a love of learning are definite advantages in the cybersecurity field, and reading and learning more about the subject is just a few clicks away. The world needs more people out there fighting cybercrime. Perhaps one of them could be you. [...]

LockBit victim estimates cost of ransomware attack to be $42 million

Posted: 31 Mar 2022 06:30 AM PDT

Atento has published its 2021 financial performance results, which have a massive $42.1 million dent from a ransomware attack the firm suffered in October 2021. [...]

Palo Alto Networks error exposed customer support cases, attachments

Posted: 31 Mar 2022 06:00 AM PDT

EXCLUSIVE: A bug in the support dashboard of Palo Alto Networks (PAN) exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned. The exposed information included, customer names, contact information, conversations between staff and customers, firewall logs and configuration dumps. [...]

DPRK hackers go after crypto assets using trojanized DeFi Wallet app

Posted: 31 Mar 2022 05:05 AM PDT

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. [...]

Calendly actively abused in Microsoft credentials phishing

Posted: 31 Mar 2022 03:00 AM PDT

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page. [...]

US national emergency extended due to elevated malicious cyber activity

Posted: 30 Mar 2022 01:34 PM PDT

US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy. [...]

New Spring Java framework zero-day allows remote code execution

Posted: 30 Mar 2022 01:16 PM PDT

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. [...]

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

Posted: 30 Mar 2022 11:47 AM PDT

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. [...]

Google: Russian phishing attacks target NATO, European military

Posted: 30 Mar 2022 10:44 AM PDT

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. [...]

QNAP warns severe OpenSSL bug affects most of its NAS devices

Posted: 30 Mar 2022 09:39 AM PDT

Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. [...]

FBI disrupts BEC cybercrime gangs targeting victims worldwide

Posted: 30 Mar 2022 09:13 AM PDT

A coordinated operation conducted by the FBI and its international law enforcement partners has resulted in disrupting business email compromise (BEC) schemes in several countries. [...]

Hive ransomware uses new 'IPfuscation' trick to hide payload

Posted: 30 Mar 2022 07:12 AM PDT

Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, involving IPv4 addresses and a series of conversions that eventually lead to downloading Cobalt Strike beacons. [...]

Lexo edhe:

Rapitful Shqip

Search This Blog