Browsing tag
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that could […]
There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it’s making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as […]
Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no […]
According to ethical hacking specialists, two Romanian citizens have been sentenced to 20 years in prison for infecting more than 400,000 computer computers with a variant of malware to extract financial information, an incident that led to a million-dollar fraud. Bogdan Nicolescu (35 years old) and Radu Miclaus (37 years old), were convicted by a […]
Hundreds of things could go wrong after a ransomware victim pays the money demanded by criminals. Digital forensics specialists from security firm Emsisoft reported the appearance of a bug in the Ryuk ransomware decryption tool (delivered by criminals to victims after they pay the ransom) that causes failures in the file recovery process. According to […]
A group of vulnerability testing specialists from the University of New Mexico, made up of William J. Tolley, Beau Kujath and Jedidiah R. Crandall, just reported a vulnerability present in most of Linux distributions and other operative systems that, if exploited, would allow threat actors to discover whether another user is connected to a VPN, […]
Data protection experts reported an intrusion that has impacted Adobe Magento Marketplace users, employed to purchase, sell, and download themes and plugins for Magento-based online stores. Through an email, the company notified its customers, noting that hackers took advantage of a known vulnerability in the Magento Marketplace website to access compromised systems, resulting in unauthorized […]
Despite some of them have advanced security measures, cryptocurrency exchange platforms remain one of the hackers’ favorite targets. As reported by digital forensics specialists, Upbit, a South Korean-based crypto exchange platform, has been the victim of a cyberattack that led to the theft of 342k Ethereum units, equivalent to $48.5M USD at current exchange rate. […]
Ethical hacking specialists from security firm ESET report the emergence of a new banking Trojan tracked in multiple locations in Latin America. Identified as Mispadu, this malicious program uses fake McDonald’s ads and phishing emails to trick victims through websites and social media platforms, primarily Facebook. In addition to malicious advertising, it is also possible […]
Over a hundred nursing homes in the US have had their operations crippled because the company providing them with technology services has become victim of a severe ransomware infection. According to information security specialists, threat actors, allegedly Russian hackers, demand a ransom of more than $14 million USD. The affected company is Wisconsin-based Virtual Care […]
A research published by vulnerability testing experts at security firm Onapsis claims that multiple vulnerabilities have been discovered in Oracle’s E-Business Suite. If exploited, these flaws would allow threat actors to gain full control of electronic transfers and even print undetected checks. The report mentions that the attack, known as Oracle Payday, involves exploiting two […]
Digital forensics specialists report that the official website of Monero, one of the most popular cryptocurrencies, was compromised due to the presence of a malware-infected file capable of extracting funds from account holders. Apparently it all started on November 18, when a user found the infected file and reported the problem to GitHub. Hours later, […]
A recent research published by vulnerability testing specialists from Purdue University details a new exploit that abuses some Android operating system smartphones through the use of malicious peripheral devices (specifically through Bluetooth and USB). The application processor of almost any relatively recent smartphone model uses the AT Command Interface to launch high-level commands to the […]
Information security experts anticipate that the balance in cybersecurity by the end of 2019 will be disastrous. According to figures collected up to this time of year, incidents of reported data breaches increased by about 30% compared to the previous year. In addition, this year it reached an all-time high of nearly 8 billion exposed […]
A couple of days ago web application security specialists reported a ransomware attack on Petroleos Mexicanos (PEMEX), a state-controlled Mexican oil company. Although the company did not explicitly recognize the ransomware infection, it is mentioned that the hackers responsible for the attack would have demanded about $5 million USD in Bitcoin to restore their systems. […]
A team of digital forensics specialists has reported the finding of two major zero-day vulnerabilities in some ATM machines widely used in the US, among other territories. If exploited, these flaws could allow a hacker to steal cash and extract sensitive information from users. Experts Trey Keown and Brenda So from security firm Red Balloon […]
Increasingly, cybersecurity incidents are affecting thousands, or even millions, of members of the gamer community. According to experts in ethical hacking, this weekend many fans of the popular Epic Games videogame Fortnite reported an alleged denial of service (DoS) attack against its online servers, preventing them from accessing their accounts and connecting to their matches. […]
Marriott International hotel chain has alerted its associates about a cyber security incident that could negatively impact the security of some associate’s data (specifically their social security numbers), after an unidentified threat actor accessed network of an outside vendor formerly used by Marriott, data protection experts reported. This incident did not involve or impact the […]
Ransomware remains one of the main cybersecurity threats for any individual or company. Vulnerability testing specialists report a serious ransomware infection that has crippled all computer operations in Nunavut, a remote Canadian territory. In a statement, the local government said, “All government services that depend on access to digital resources have been affected by a […]
A team of ethical hacking specialists has developed a free tool to remove the encryption implemented by the ransomware variant known as Paradise, which provides victims of this infection an option to regain access to their encrypted files without having to negotiate with threat actors. Paradise ransomware has been active at least since September 2017 […]
Over recent months, several network security firms, as well as independent researchers, have documented multiple cyberattacks against government organizations in various locations across the US, including states such as Atlanta, Georgia, New York, among others. However, recent reports claim that this entire wave of cyberattacks may have begun shortly before President Trump’s inauguration. Local media […]