Microsoft has deactivated a tool designed to simplify the installation of Windows applications after hacking groups began exploiting the functionality to distribute malware loaders, leading to infections involving backdoors and ransomware.
Google rolled out security updates Wednesday for its Chrome web browser to fix a critical vulnerability exploited in the wild. The zero-day vulnerability is a heap-based buffer overflow bug in the WebRTC framework that allows real-time communication between different browsers and devices.
Comcast says attackers stole personal information pertaining to 35.9 million customers of its Xfinity-branded TV, internet and home telephone services in an October attack that targeted a vulnerability - dubbed Citrix Bleed - present in NetScaler and Citrix networking equipment.
Marta Rybczyńska, technical program manager at Eclipse Foundation, discussed best practices for reporting vulnerabilities, adopting AI and bridging the gap between developers and security researchers to adhere to cybersecurity best practices for open-source software.
Vulnerability researcher Jesse Chick busted the tacit assumption that data centers are inherently more secure than other computing environments. Devices that are co-located in large data centers and those hosted on-premises share a lot of the same issues and vulnerabilities, he said.
Hackers are using publicly disclosed proof-of-concept code to exploit a recently patched critical vulnerability found in the Apache Struts 2 Framework to achieve remote code execution. The Apache Foundation, which manages the Struts library, on Dec. 7 urged developers to apply a patch.
North Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.
Bugcrowd CEO Dave Gerry and Emily Ferdinando, vice president, marketing, highlighted the significance of tapping into the creativity of the ethical hacker community, combined with the expertise of internal security teams, to enable organizations to stay one step ahead of cyberthreats.
A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity from TA422, also known as APT28, Fancy Bear and Forest Blizzard.
A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential exploitation of the Citrix Bleed software flaw affecting some NetScaler ADC and NetScaler Gateway devices.
Russian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.
Security researchers say attackers are actively attempting to exploit a critical vulnerability in unpatched ownCloud implementations, which they can use to steal credentials and other secret information. Last month, ownCloud said it had sent all users a security alert and updates to fix the flaws.
Patient services - including emergency care and telehealth appointments - are still affected at dozens of hospitals and other care facilities in several states operated by Ardent Health Services as the Tennessee-based organization continues to respond to a Thanksgiving Day ransomware attack.
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to patch Linux devices on their networks and urging private sector organizations to do the same after security researchers observed threat actors exploiting a new vulnerability on many major Linux distributions.
With experts warning that NetScaler ADC and Gateway devices are being exploited by nation-state and cybercrime groups, the manufacturer has again urged all users to "patch immediately" as well as terminate active sessions, which attackers can otherwise use to access devices even post-patch.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.