Technical Advisory ā OpenJDK ā Weak Parsing Logic in java.net.InetAddress and Related Classes
Vendor: OpenJDK Project
Vendor URL: https://openjdk.java.net
Versions affected: 8-17+ (and likely earlier versions)
Systems Affected: All supported systems
Author: Jeff Dileo
Advisory URL / CVE Identifier: TBD
Risk: Low (implicit data validation bypass)
The private...
Relentless Russian Cyberattacks on Ukraine Raise Important Policy Questions
SECTOR 2022 -- Toronto ā The first shots in the Russia-Ukraine cyberwar were fired virtually on Feb. 23, when destructive attacks were launched against organizations the day before Russian...
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information
By: Ravie Lakshmanan
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of...
RatMilad Spyware Scurries onto Enterprise Android Phones
Attackers have been using a new spyware against enterprise Android devices, dubbed RatMilad and disguised as a helpful app to get around some countries' Internet restrictions.
For now, the campaign...
NullMixer Dropper Delivers a Multimalware Code Bomb
It's only after a user clicks a malicious link, downloads the malware, and then launches it that NullMixer is deployed. But once the dropper infects a victim's system, it...
CISA: Multiple APT Groups Infiltrate Defense Organization
Multiple advance persistent threat (APT) groups gained access to the network of a US-based defense organization in January 2021, extensively compromising the company's computers, network, and data for nearly...
Microsoft Updates Mitigation for Exchange Server Zero-Days
Microsoft today updated its mitigation measures for two recently disclosed and actively exploited zero-day vulnerabilities in its Exchange Server technology after researchers foundĀ its initial guidance could be easily bypassed.
Microsoft's...
Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers
By: Ravie Lakshmanan
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least...
Steam Gaming Phish Showcases Browser-in-Browser Threat
Attackers have been targeting users of the popular Steam online gaming platform by using an emerging phishing tactic that deploys authentic-looking fake browser windows to steal credentials and take...
Bumblebee Malware Loader’s Payloads Significantly Vary by Victim System
A new analysis of Bumblebee, a particularly pernicious malware loader that first surfaced this March, shows that its payload for systems that are part of an enterprise network is...
