Cybersecurity researchers have revealed a campaign entailing the injection of malicious JavaScript code into affected WordPress websites. The affected websites redirect visitors to fake pages and other infected websites to create illegitimate traffic. “The websites all shared a common issue…
Latest posts - Page 60
Ransomware and cryptocurrency crime are the focus for a new DOJ team.
While no security officer would rely only on this, it’s encouraging to hear that the US Department of Justice is stepping up its efforts to combat cybercrime. New efforts will focus on ransomware and cryptocurrency occurrences, according to Deputy Attorney…
German companies are being targeted with malicious NPM packages
Cybersecurity researchers have found several malicious packages in the NPM registry, and these packages have been targeting big German companies to execute supply chain attacks. “Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a…
Microsoft fixes vulnerability plaguing Azure Synapse and Data Factory
On Monday, Microsoft said it patched a vulnerability plaguing Azure Synapse and Azure Data Factory. Further, Microsoft said, if the vulnerability was successfully exploited, it could lead to remote code execution. Researchers from Orca Security have codenamed the vulnerability, labelled…
A fresh perspective on “fileless” malware: Event logs carrying harmful code
Security researchers have discovered a malicious campaign that stores malware in Windows event logs, a technique that has never been publicly described for attacks in the wild. The technology allowed the attacker to plant fileless malware in the file system…
DeFi Platform loses more than $2 million
MM. Finance revealed that hackers stole $2 million in digital assets in a Domain Namer System (DNS) attack. These attacks entail hackers targeting the availability or stability of a network’s DNS service. The team at MM.Finance—which claims to be the…
Researchers create an RCE exploit for the latest F5 BIG-IP flaw
Security researchers are warning that they were able to construct an exploit for a serious remote code execution vulnerability affecting F5’s BIG-IP family of devices just days after the company provided patches for the flaw. The weakness, which has been…
Chinese hacker group Mustang Panda executing espionage attacks
Mustang Panda, a China-based threat actor, has been improving and adding tools to attack firms located in Asia, the European Union, Russia, and the U.S. “Mustang Panda is a highly motivated APT group relying primarily on the use of topical…
SharePoint, VPNs, and Virtual Machines are all on Lapsus$’ radar
The NCC Group has released a new report that reveals how Lapsus$ attacks are launched. The report goes into detail about the highly unpredictable attacks’ techniques and tactics, as well as how the group targets its victims. The Lapsus$ attacks…
CISCO releases patches for three flaws plaguing NFVIS software
Cisco systems rolled out patches for three flaws affecting its enterprise NFV Infrastructure Software (NFVIS). The attackers can use the flaw to compromise and take over the controls from users. The flaws labelled CVE-2022-20777, CVE-2022-20779 and CVE-2022-20780, “could allow an…