18 Zero-Days Exploited So Far in 2022
So far this year, a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild, according to an analysis – and half of those were...
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node...
Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric
New cybersecurity vulnerabilities increased at a never-before-seen pace in 2021, with the number of vulnerabilities reaching the highest level ever reported in a single year. As a threat analyst...
Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing
Attackers continue to find significant success targeting unpatched servers and vulnerable remote-access systems, researchers say -- and these types of compromises cost victim organizations 54% more than compromises caused by user...
ZuoRAT Hijacks SOHO Routers from Cisco, Netgear
Security researchers have discovered a multi-stage remote access Trojan (RAT) currently being used against a wide range of small office-home office (SOHO) routers in Europe and North America —...
Forced Chrome extensions get removed, keep reappearing
Malwarebytes found a family of forced Chrome extensions that can't be removed because of a policy change that tells users "Your browser is managed".
In the continued saga of...
‘Raccoon Stealer’ Scurries Back on the Scene After Hiatus
The authors of "Raccoon Stealer," one of the most prolific information stealers of 2021, have released a new and improved version of the malware just three months after shutting...
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
A social-engineering campaign bent on stealing Facebook account credentials and victim phone numbers is targeting business pages via a savvy campaign that incorporates Facebook's Messenger chatbot feature.
That's according to...
New Vulnerability Database Catalogs Cloud Security Issues
Organizations traditionally have struggled to track vulnerabilities in public cloud platforms and services because of the lack of a common vulnerability enumeration (CVE) program like the one that MITRE maintains...
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
After a 2021 beleaguered by ransomware, attack volumes continue to balloon in 2022. In fact, a report issued Tuesday indicates that in just the first three months of this year,...
