Enlarge (credit: Getty Images) Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware known as Cring came to public attention in a January blog post. It takes hold […]
Enlarge (credit: Getty Images) The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities or other common exploitation techniques to […]
(credit: Aurich Lawson / Ars Technica) Microsoft Exchange servers compromised in a first round of attacks are getting infected for a second time by a ransomware gang that is trying to profit from a rash of exploits that caught organizations around the world flat-footed. The ransomware—known as Black Kingdom, DEMON, and DemonWare—is demanding $10,000 for […]
Enlarge (credit: Getty Images) In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5 Networks. Customers use BIG-IP servers to manage traffic […]
Enlarge (credit: Getty Images) A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a […]
Enlarge (credit: Getty Images) The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing mystery: how did so many separate threat actors have […]
Enlarge (credit: Drew Angerer | Getty Images) Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks developing working relationships […]
Enlarge (credit: Getty Images) Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they do nothing to disinfect systems that […]
Enlarge (credit: Getty Images) Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zeroday vulnerabilities in Exchange Server. The software maker said hackers working on behalf of the Chinese government have been using the previously unknown exploits to hack on-premises Exchange […]
Enlarge (credit: Gab.com) Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the critical vulnerability—or at least one very much like it—was introduced […]