02 June 2021 Weekly Newsletter

 


Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!


LATEST CYBER HACKS

 

Fake human rights organization, UN branding used to target Uyghurs in ongoing cyberattacks

Potential victims are sent phishing documents branded with the United Nations' Human Rights Council (UNHRC) logo. Named UgyhurApplicationList.docx, this document contains decoy material relating to discussions of human rights violations. 

 

Fujitsu suspends ProjectWEB platform after Japanese government hacks

Japanese tech giant Fujitsu has temporarily taken down its ProjectWEB enterprise software-as-a-service (SaaS) platform after hackers gained access to its systems and stole files belonging to multiple Japanese government entities.


VULNERABILITIES

 

SonicWall Patches Command Injection Flaw in Firewall Management Application

The vulnerability, SonicWall reveals in a security advisory, is an OS command injection flaw that could be exploited by an attacker who has already authenticated to a vulnerable system. The fact that authentication is required for exploitation lowers the severity of the flaw.

 

Severe Security Flaws Found in Popular Visual Studio Code Extensions

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines, as well as build and deployment systems, through a developer's integrated development environment (IDE).

 

XSS Vulnerability Found In ReDi Restaurant Reservation WordPress Plugin

A serious security vulnerability existed in the WordPress plugin ReDi Restaurant Reservation. Specifically, researchers found an XSS vulnerability in the plugin that allowed an adversary to steal sensitive customer data.


MALWARE

 

Malware Can Use This Trick to Bypass Ransomware Defence in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defences.


 

Epsilon Red: A New Ransomware in the Threat Landscape

New ransomware written in Golang called Epsilon Red was recently unearthed by security experts. This ransomware is delivered as the final executable payload in a human-controlled attack. According to Sophos analysts, it was observed in attacks aimed at U.S.-based hospitality businesses.


 

Facefish Backdoor delivers rootkits to Linux x64 systems

Cybersecurity experts from Qihoo 360 NETLAB published details about a new backdoor, dubbed Facefish, which can be used by threat actors to steal login credentials and execute arbitrary commands on Linux systems.


GENERAL NEWS

 

FBI To Share Pwned Passwords With HIBP As It Goes Open Source

Have I Been Pwned, the popular resource that helps people manage breached passwords, brings some interesting updates. First, Troy Hunt has announced that he is making HIBP open source. Second, the FBI has pledged to officially share all pwned passwords with HIBP.

 

Docker Honeypot Reveals Cryptojacking as Most Common Cloud Threat

Misconfigured Docker daemons allow remote attackers to gain full control over a Docker instance and perform operations, such as deploying new containers and even escalating to the host.


 

Microsoft Introduced SimuLand – An Open-Source Lab Testing Real-Time Attacks

Microsoft recently released a useful tool for the cybersecurity community. Named 'SimuLand', the tool is an open-source project from Microsoft that allows testing real-time attack scenarios.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multiple trusted feeds and was not created by COMM-CIRT.