The email campaign also made use of Microsoft Word, which exploited a 22-year-old Office RCE flaw. While most malicious e-mail campaigns employ Word documents to disguise and spread malware, researchers have uncovered that a recently discovered campaign combines a malicious…
More than 90,000 websites are affected by the privilege escalation bug discovered in the Jupiter and JupiterX Core Plugin. According to scientists, a significant privilege escalation problem discovered in two themes used by over 90,000 WordPress web pages can allow…
IBM has extended a program that improves cybersecurity defenses of public schools with$5 million in grants. On Tuesday, IBM announced that it would offer a $5 million grant to public schools, including K-12 institutions in the United States. IBM’s existing…
Ransomware is not a novel type of attack. Indeed, the first malware surfaced almost 30 years ago and was delivered using 5.25-inch floppy discs. The victim had to send money to a P.O. Box in Panama to pay the ransom.…
If an attacker gains access to a transit agency’s networks, the consequences might be considerably more serious than server outages or exposed emails. Consider an attack on a transportation agency in charge of railway and subway routes. The consequences could…
A security researcher asserts that he has uncovered an unpatched flaw in PayPal’s money transfer service. The flaw can allow attackers to deceive victims into inadvertently completing attacker-directed transactions with a single click. Clickjacking, also goes by the name UI…
XorDdos, a Linux botnet malware, has been used extensively—a 254% increase—in the last six months, a Microsoft research reports. The trojan derives its name from its denial-of-service attacks on Linux; it uses XOR-based encryption for communicating with its command-and-control (C2)…
Last month Google patched a severe flaw in its OAuth client library for Java; the actors can exploit the flaw by using a compromised token to plant arbitrary payloads. The flaw, tracked CVE-2021-22573 and rated 8.7 out of 10 on…
On Tuesday, Microsoft warned about a malicious campaign targeting SQL servers that uses a built-in PowerShell binary to persist on affected systems. The intrusions, which make the most of brute-force attacks as an initial compromise vector, are exceptional for their…
Microsoft is warning of a new variant of the srv botnet that’s exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version…
