A firsthand perspective on the recent LinkedIn account takeover campaign
It started with a password reset email in the middle of the night. Not long ago I wrote about a recent campaign to hold LinkedIn…
Month: September 2023
Exploit Code Published for Critical-Severity VMware Security Defect
Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code…
Talos wars of customizations of the open-source info stealer SapphireStealer
Talos wars of customizations of the open-source info stealer SapphireStealer Pierluigi Paganini September 01, 2023 Cisco reported that multiple threat actors are customizing the SapphireStealer…
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as a VMware vSphere connector module…
Microsoft is killing WordPad in Windows after 28 years
Microsoft announced today that it will deprecate WordPad with a future Windows update as it’s no longer under active development, though the company did not…
Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware’s Aria Operations for Networks analysis tool (formerly known as vRealize…
Microsoft reminds of Windows 11 21H2 forced updates before end of service
Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before the end of servicing next month. Since Windows 11 21H2 devices…
Microsoft retires Visual Studio for Mac, support ends in a year
Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024.…
Preparing for the Future: Understanding Identity’s Role in Data Security
By Gal Helemski, Co-Founder and CTO/CPO at PlainID “Data is the lifeblood of an organization.” Becoming somewhat of a platitude in the security space, it’s…
Popular ‘As-a-Service’ Operations Have Earned Cybercriminals over $64m
In 2019, cybersecurity firm Group-IB exposed a Russia-based scam-as-a-service operation. This scheme, initially known as Classiscam, employed counterfeit classified advertisements and social engineering tactics to…
Hackers infiltrate servers of Japanese Government Cybersecurity Agency
In a concerning turn of events, the servers of Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) fell victim to a cyberattack…
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Sep 01, 2023THNDatabase Security / Ransomware Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain…