SolarWinds confirmes 18,000 customers may have been impacted
18,000 SolarWinds customers may have been impacted by the attack against its supply chain, the company said in a SEC filing....
News
SolarWinds advanced cyberattack: What happened and what to do now
Over the weekend we learned more about the sophisticated attack that compromised security firm FireEye, the US Treasury and Commerce...
A week in security (December 7 – December 13)
Last week on Malwarebytes podcast we talked to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the...
Google’s Data Security: How Google Protects your Data from Cyber Threats?
The world is moving very fast towards technology and materialism. Subsequently, it has become increasingly difficult for people to shun...
Adaptive protection against invisible threats
Corporate endpoint security technologies for mid-sized companies struggle to surprise us with anything brand new. They provide reliable protection against...
WSMan-WinRM – A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object
A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.BackgroundFor background...
Stegseek – Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second
Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built...
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds...
Details for 1.9M members of Chinese Communist Party Members leaked
Security experts from Cyble discovered that the details of 1.9 million members of the Chinese Communist Party were leaked on...
US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software
Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The cyber espionage...
Robotic Process Automation vendor UiPath discloses data breach
Last week, ZDnet reported in an exclusive that the tech unicorn UiPath admitted having accidentally exposed the personal details of...
Pay2Key hackers stole data from Intel’s Habana Labs
Pay2Key ransomware operators claim to have compromised the network of the Intel-owned chipmaker Habana Labs and have stolen data. Intel-owned...
Hacked Subway UK marketing system used in TrickBot phishing campaign
Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to...
In 2020, cybercriminals started laundering four times more money
According to the Kaspersky Fraud Prevention report, in 2020, attackers most often tried to make unauthorized money transfers by using...
Slipstream – NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services Bound To A Victim Machine, Bypassing The Victim’s NAT/firewall, Just By The Victim Visiting A Website
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim's NAT/firewall...
403Bypasser – Burpsuite Extension To Bypass 403 Restricted Directory
An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically scanned...
Security Affairs Newsletter is back!
Security Affairs newsletter is back, it is the right time to subscribe to it. Every day I receive several emails...
Security Affairs newsletter Round 293
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs
Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner....
NI CompactRIO controller flaw could allow disrupting production
A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization. A...
Here’s a Quick Guide to Safeguarding Credentials
Safeguarding your authentication credentials is your best defense towards preventing your identity from falling into wrong hands. A recent...
WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than...
Spotify reset user passwords after accidentally personal information exposure
Spotify is informing users that their personal information might have been accidentally shared with some of its business partners. Spotify...
Facebook links cyberespionage group APT32 to Vietnamese IT firm
Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has...
