Lemon Duck Cryptojacking Botnet Changes Up Tactics
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets.
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group...
Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom.
Cisco has addressed two critical security vulnerabilities in...
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
A veritable cornucopia of security vulnerabilities in...
Anti-Spam WordPress Plugin Could Expose Website User Data
‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in.
An SQL-injection vulnerability...
Apple Fixes Zero‑Day Security Bugs Under Active Attack
On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.
Apple has issued out-of-band...
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
Pulse Secure has rushed...
Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
Vendor: ParcelTrack
Vendor URL: https://www.parceltrack.de/
Versions affected: ParcelTrack Android Version 3.3, ParcelTrack iOS Version 3.3
Author: Dan Hastings – dan.hastingsnccgroupcom
Summary
Upon start of the ParcelTrack application any data contained on the global...
Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk
New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities.
Web-facing applications continue to be one of the highest security risks present for...
Microsoft Offers Up To $30K For Teams Bugs
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes.
Microsoft wants to send the message the company is serious about...
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
Vast swathes of companies were likely compromised before patches were applied, so the danger remains.
The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security...