WordPress Plug-in Ninja Forms Issues Update for Critical Bug
A new security update to the Ninja Forms WordPress plug-in — which has more than 1 million active installations — patches a code injection vulnerability researchers say is being...
Internet Explorer Now Retired but Still an Attacker Target
Microsoft's official end-of-support for the Internet Explorer 11 desktop application on June 15 relegated to history a browser that's been around for almost 27 years. Even so, IE still...
EU & US Unite to Fight Ransomware
The US Department of Justice, along with the European Union criminal justice organization Eurojust, brought together law enforcement and legal experts recently at The Hague in workshops to enhance...
Critical Citrix Bugs Impact All ADM Servers, Agents
Citrix is advising users of its Application Delivery Management (ADM) solutions to update their systems against a pair of newly discovered vulnerabilities.
Tracked under CVE-2022-27511, the first vulnerability could allow system...
‘Hertzbleed’ Side-Channel Attack Threatens Cryptographic Keys for Servers
A side-channel timing attack dubbed "Hertzbleed" by researchers could allow remote attackers to sniff out cryptographic keys for servers. It affects most Intel processors, as well as some chipsets...
Why We Need Security Knowledge and Not Just Threat Intel
For organizations struggling to defend against today's onslaught of cyberattacks, data can be both a blessing and a curse. Companies rely on data they get from outside sources, such...
Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys
A peer-to-peer (P2P) botnet and worm called Panchan has been actively breaching Linux servers and harvesting Secure Shell (SSH) keys to perform lateral movement — at times brute-forcing credentials.
That's according...
Thousands Arrested in Global Raids on Social-Engineering Scammers
Interpol has announced that a coordinated, global law-enforcement effort has led to the arrest of 2,000 individuals and the seizure of more than $50 million in illicit funds stolen...
Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign
One of the primary hallmarks of an advanced persistent threat (APT) group is its ability to operate undetected for years while carrying out its specific mission.
The newest example is...
Microsoft Patches ‘Follina’ Zero-Day Flaw in Monthly Security Update
Microsoft today issued a patch for the recently disclosed and widely exploited "Follina" zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) as part of its scheduled security update...
