Security News

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
Threatpost 22 Dec 2021 531 Views

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
Threatpost 22 Dec 2021 612 Views

Ubisoft confirms Just Dance data breach amid developer exodus

Ubisoft said there was an intrusion into the company's IT infrastructure targeting Just Dance.
ZDnet 22 Dec 2021 473 Views

Conti Ransomware Gang Has Full Log4Shell Attack Chain

Packet Storm 21 Dec 2021 23822 Views

Bad things come in threes: Apache reveals another Log4J bug

Third major fix in ten days is an infinite recursion flaw rated 7.5/10. The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j.…
The Register 20 Dec 2021 13133 Views

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse...
The Hacker News 18 Dec 2021 971 Views

Log4j attackers switch to injecting Monero miners via RMI

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.
Bleeping Computer 17 Dec 2021 923 Views

Malicious Exchange Server Module Hoovers Up Outlook Credentials

"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
Threatpost 16 Dec 2021 405 Views

Ransomware in 2022: We're all screwed

Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.
ZDnet 16 Dec 2021 540 Views

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
Threatpost 16 Dec 2021 466 Views