CERT-In, India’s computer and emergency response organisation, released new guidelines on Thursday that service providers, intermediaries, data centres, and government institutions should disclose cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data centre, body corporate, and…
Latest posts - Page 3
Microsoft Azure flaw uncovers PostgreSQL databases to other customers
On Thursday, Microsoft said it had patched a pair of flaws with the Azure Database for PostgreSQL Flexible Server that can lead to unauthorised cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server…
Onyx ransomware destroys files instead of encrypting them
Instead of encrypting files larger than 2MB, a new Onyx ransomware operation is destroying them, preventing them from being decrypted even if a ransom is paid. MalwareHunterTeam, a security research firm, found Onyx, a new ransomware operation, last week. Onyx…
CISA has added seven new vulnerabilities to the list of defects that have been exploited in attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has included seven new vulnerabilities to its list of actively exploited security concerns, including Microsoft, Linux, and Jenkins vulnerabilities. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been…
RedLine Stealer infecting computers as part of New Rig Exploit Kit campaign
Attackers are planting RedLine Stealer trojan using an exploit kit. The attackers are taking advantage of an Internet Explorer flaw which was fixed by Microsoft last year. “When executed, RedLine Stealer performs recon against the target system (including username, hardware,…
The top exploited vulnerabilities in 2021 have been revealed by cybersecurity firms
Cybersecurity authorities around the world have released a list of the top 15 vulnerabilities regularly exploited by threat actors in 2021, in collaboration with the NSA and the FBI. In a joint alert, the cybersecurity authorities recommended enterprises to patch…
SQLi could be used to modify student grades on the Greek education portal UniverSIS.
Academic grades were at danger due to a SQL injection (SQLi) vulnerability in an open-source platform established by Greek universities to manage student data. According to a blog post published by security researcher Stavros Mekesis, miscreants exploiting the weakness in…
Prynt Stealer: A new tool for attackers
Researchers have found a new infostealer on cybercrime forums having innumerable features. It can not only pilfer victims’ data but also execute financial thefts using clippers and keylogging. Researchers from Cyble have tracked Prynt Stealer in the wild and analysed…
Vulnerability in VirusTotal allows attackers to take control of unpatched third-party antivirus
Security researchers have revealed a security issue that could enable attackers to exploit the VirusTotal platform for remote code execution (RCE) on unpatched third-party sandboxing machines employed by antivirus engines. The vulnerability, now fixed, allowed to “execute commands remotely within…
FBI issues alert regarding BalckCat ransomware that has affected 60 organisations
The U.S. Federal Bureau of Investigation (FBI) has warned the public of the BlackCat ransomware-as-a-service (RaaS). The ransomware has affected 60 entities globally as of March 2022 (Emerged in November 2021). The ransomware, also known as ALPHV and Noberus, is…