SAP fixes critical vulnerabilities in NetWeaver application servers
SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of…
Month: January 2025
Easterly Calls For Defenses Against PRC; Biden Order Coming
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), warned today that the U.S. must do more to protect against cyber threats…
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance…
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly…
Label giant Avery says website hacked to steal credit cards
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information. Avery is…
Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes
A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients. Within 90 minutes, 1,165 malicious emails bombarded…
Hackers use Google Search ads to steal Google Ads accounts
Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers’ credentials for the Google Ads platform. The attackers are running ads…
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Jan 15, 2025Ravie LakshmananCryptocurrency / Malware The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted…
Over 660,000 Rsync servers exposed to code execution attacks
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.…
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Jan 15, 2025Ravie LakshmananMalvertising / Malware Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by…
Microsoft ends support for Office apps on Windows 10 in October
Microsoft says it will drop support for Office apps in Windows 10 after the operating system reaches its end of support on October 14. “Microsoft…
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
Microsoft kicked off 2025 with a bang on the second Tuesday of January, dropping a massive Patch Tuesday update containing fixes for 159 vulnerabilities –…