A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.
Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.
The zero-day, which was assigned the identifier CVE-2021-21148, was described as a "heap overflow" memory corruption bug in the V8 JavaScript engine.
Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.
Cybersecurity researcher Veno Eivazian identified two security issues as part of a series of laboratory tests. One is a rate limiting bypass under a non-default configuration, which effectively defeats the plugin's purpose. The other is an unauthenticated reflected XSS.
Back in 2017, the Cerber ransomware was the most dominant family of ransomware, at one point accounting for 90% of all ransomware attacks targeting Windows-based systems.
The latest component, named masrv, was first compiled on December 4, 2020, and it is still under testing. So far, researchers have only been able to encounter one variant of this module.
Dubbed Oscorp, the malware abuses accessibility services in Android devices to steal user credentials and media content. The malware gets its name from the title of the login page of its C2 server.
Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits.
Account takeover incidents as a share of fraudulent activity in the financial services industry rose by 19 percentage points in 2020 compared with 2019, according to new figures from Kaspersky.