Three trivial bugs in Microsoft Teams Software remain unpatched
Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from...
News
FBI traces and grabs back $150 million theft that was turned into bitcoins
On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17...
HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems
The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its...
Logistics giant warns of scams following ransomware attack
German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was...
Choosing Christmas gifts for kids: Squid Game and Huggy Wuggy are trending
As the holidays approach, many of us are trying to figure out what to buy our family and friends. We...
A flaw in Microsoft Azure App Service exposes customer source code
A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years....
CISA releases a scanner to identify web services affected by Apache Log4j flaws
US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The...
Ubisoft discloses unauthorized access to ‘Just Dance’ user data
Video game company Ubisoft confirmed a security breach that resulted in unauthorized access to ‘Just Dance’ user data. Ubisoft discloses...
PYSA ransomware gang is the most active group in November
PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group...
A new version of the Abcbot bot targets Chinese cloud providers
Researchers spotted a new botnet named Abcbot hat that mainly targeted Chinese cloud hosting providers over the past months. Security...
How to detect Apache HTTP Server Exploitation
With recent news of the critical, zero-day vulnerability Apache Log4Shell, we explore how to detect and protect your Apache HTTP...
What to Do About Log4j
Learn more about some tactical measures people are already taking, and some strategic guidance for what to do after the...
US-CERT Bulletin (SB21-355):Vulnerability Summary for the Week of December 13, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Russian national extradited to US for trading on stolen Information
A Russian national was extradited to the US from Switzerland after he was charged for trading information stolen from hacked...
Patch these 2 Active Directory flaws to prevent the takeover of Windows domains
Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of...
Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’
On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the...
More than 35,000 Java packages impacted by Log4j flaw, Google warns
Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache...
Log4j Vulnerability Aftermath
Uptycs researchers have observed attacks related to miners, DDOS malware and some variants of ransomware actively leveraging LogforShell flaw in...
Answering Log4Shell-related questions
Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update...
How and why do we attack our own Anti-Spam?
We often use machine-learning (ML) technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to...
DarkWatchman RAT uses Windows Registry fileless storage mechanism
DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence. Recently Prevailion experts...
2022 Cybersecurity Trends for DevSecOps
Trying to adopt DevSecOps culture? Or already in the thick of it? Trend Research explores the cybersecurity trends for 2022...
Nation-state actors are exploiting Zoho zero-day CVE-2021-44515 since October, FBI warns
The FBI warns that zero-day flaw in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since October. The Federal...
Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24
In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world...
