Threats and Risks
Attackers are actively exploiting Zerologon Windows vulnerability, Microsoft warns
The flaw could allow an attacker with a foothold on the local network to instantly become a Domain Admin
Six per cent of Google Cloud buckets are misconfigured and vulnerable to unauthorised access, research reveals
Finding exposed cloud databases on internet is not a difficult job, according to researchers
Owned by the C-suite: a new approach to security is needed as cyber risks multiply
Post-Covid-19, security is no longer an ‘IT issue’ – it’s a C-suite item and a fundamental strategic priority
Chinese state-sponsored cyber actors are targeting bugs in F5, Citrix, Pulse and Microsoft Exchange Servers, US agencies warn
Organisations need to patch their systems immediately, they advise
Exploit code for 'Zerologon' bug impacting Windows Netlogon Remote Protocol published on Github
The vulnerability could allow an attacker to have access to an organisation's Active Directory domain controllers
Chinese intelligence is building detailed profiles on tens of thousands of citizens worldwide, leaked database suggests
Names include 52,000 Americans, 35,000 Australians, 10,000 Indians, 9,700 British, 5,000 Canadians, 1,400 Malaysians and 793 New Zealanders
Equinix reveals ransomware infection, services unaffected
The attack seems to have infected business systems, not data centres software
How to quickly identify and stop the latest phishing techniques
Join us to learn about the newest techniques deployed by attackers
Microsoft addresses 129 security vulnerabilities in its September 2020 Patch Tuesday update
Twenty-three are rated as 'Critical', many affect SharePoint
Newcastle University suffers suspected ransomware attack
Northumbria University is also 'experiencing an ongoing IT issue as a result of a cyber incident'
Evilnum employs PyVil RAT to target fintechs
The group has a history of abusing the Know Your Customer (KYC) regulations to target financial technology firms
Slack fixes a critical RCE bug in its desktop app
The flaw could have allowed attackers to access private conversations, channels, passwords, keys and tokens, and various functions within the app
North Korea-backed 'BeagleBoyz' group is targeting banks around the globe, US agencies warn
The primary aim of the campaign is to fund the North Korean government
Chinese ad platform using iOS SDK to steal ad revenue and exfiltrate data
More than 1,200 iOS apps use Mintegral's malicious SDK
Lucifer botnet now infecting Linux-based systems
The Lucifer malware infects machines and forms a botnet to mine cryptocurrency
North Korean hacking group is using BLINDINGCAN malware to attack defence firms, warns CISA
Hackers are sending spam mails that purport to come from big defence contractors to trap potential targets
Microsoft's out of band security update fixes flaw in Windows Remote Access service
The vulnerabilities could allow threat actors to gain elevated privileges on a victim's machine
HTML smuggling technique behind 'Duri' campaign to deliver malware, researchers warn
The attack can evade network security solutions, including firewalls, legacy proxies and sandboxes
Researchers exploited a bug in Emotet malware to create a killswitch, containing its spread for six months
But Emotet's operators have now patched the flaw
PoC exploit to target two Apache Struts 2 flaws emerges on GitHub
Upgrade to latest Struts version immediately, warns Apache Struts Security Team
NSA and FBI expose Russian 'Drovorub' malware used to target Linux systems
The malware is being deployed in real-world attacks by hackers working for Russian military intelligence unit, they state
Two zero-day vulnerabilities in Windows and IE were chained to target a South Korea firm in May
The vulnerabilities have now been patched by Microsoft
Citrix and SAP issue warnings over critical security flaws
Citrix has addressed five vulnerabilities in its CEM solution
Microsoft patches 120 security bugs in August 2020 Patch Tuesday update
Seventeen bugs are rated as "critical" meaning they can be easily exploited by hackers to gain full control of a vulnerable machine
Most read
