An actively exploited zero-day flaw Tracked as CVE-2021-40444 (CVSS score: 8.8), has been discovered to be impacting Internet Explorer. The remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents. […]
The evolution of Jupyter, a .NET infostealer has been reported by Cybersecurity researchers. This is known for going at healthcare and education sectors, making it exceptional at defeating most endpoint security scanning solutions. Morphisec underscores that the malware has not just continued to remain active but also showcases “how threat actors continue to develop their
Hackers Take To Distribution of Jupyter Malware Version via MSI Installer Read More »
Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year’s SolarWinds supply chain attack, joining the threat actor’s ever-expanding arsenal of hacking tools. A previously undocumented backdoor likely designed and developed by Nobelium advanced persistent threat(APT) has been disclosed by Cybersecurity researchers
Hackers Behind SolarWinds Cyberattack Linked to New Tomiris Backdoor Found Read More »
Contractors have been left unpaid after a “sophisticated” cyber-attack forced British payroll company shut down. This was confirmed on September 24 by Giant Group that it had taken its network and its fully integrated IT infrastructure, phone and email systems offline last Wednesday after detecting suspicious activity In a statement published on its website September
British Payroll Firm suffers Cyber-Attack Read More »
ShinyHunters, a notorious cybercriminal underground group that’s been on a data breach spree since last year, has been observed searching companies’ GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers’ modus operandi has revealed. The revelation comes as the average cost of a data
Cyber Crime Group ShinyHunters Modus Operandi Detailed by Researchers Read More »
Maintainers of the popular open-source automation server software, Jenkins have disclosed a security breach after unidentified threat actors gained access to one of their servers via the exploitation of a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The attack is believed to have occurred last week, mounting against its Confluence
Jenkins Project Server Breached via an Atlassian Confluence Flaw Read More »
Millions of Android devices from over 70 countries have been affected by a newly discovered mobile campaign in the form of an Android app subscribing the individuals to premium services costing €36 (₦18,000) per month without their knowledge. This has been dubbed the “GriftHorse” by the Zimperium zLabs and the trojan is said to be
GriftHorse: The Android Trojan Stealing Millions of Dollars from Users Read More »
Researchers have reported that a large amount of third-party code used in cloud infrastructure possess vulnerabilities as well as insecure configurations. The security vendor’s Unit 42 Cloud Threat Report 2H 2021 used data from various public sources better to understand the threat from cloud software supply chains. Data from various public sources were used by
A vast number of Third-Party Cloud Containers possess popular vulnerabilities Read More »
The UK’s Ministry of Defence (MoD) reportedly suffers another data breach that has exposing details of more Afghan citizens who may be at risk of reprisals from Taliban forces. The government department was forced to apologize earlier this week for sending an email which exposed the data of more than 250 Afghan interpreters who worked
UK MoD Suffers Another Data Breach as More Afghan Citizens Data gets Exposed Read More »
A new Malware was revealed on Monday by Microsoft developed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. Microsofts’ Threat Intelligence Center (MSTIC) codenamed the “passive and highly targeted backdoor” FoggyWeb, making it the threat
Microsoft cautions on FoggyWeb Malware Targeting Active Directory FS Servers Read More »
