Cybersecurity researchers have revealed information on a now-patched bug in Box multi-factor authentication (MFA). The bug could be exploited to circumvent SMS-based login verification. “Using this technique, an attacker could use stolen credentials to compromise an organization’s Box account and…
The largest dark web marketplace for stolen credit and debit cards, UniCC has stated that it’s shutting down its operations. Since 2013, UniCC has earned $358 million in purchases entailing cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. “Don’t build…
Researchers have uncovered a critical vulnerability plaguing three different WordPress plugins. These plugins can affect more than 84,000 websites and may be exploited by threat actors to take over vulnerable websites. “This flaw made it possible for an attacker to…
An unknown rootkit has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology. The hackers have used the iLO to rig the firmware modules and obliterate data from the infected systems. Amnpardaz, an Iranian cybersecurity firm, uncovered the vulnerability,…
A crypto mining campaign, which has been active, has developed its method to avoid detection. The threat actors have evolved their attack method to go undetected, new research today has disclosed. The crypto mining attack campaign was first uncovered in…
Log4j news – On 28th December 2021, another vulnerability affecting the Log4j logging library was discovered. The vulnerability is labelled CVE-2021-44832. The vulnerability CVE-2021-44832 affects versions 2.17.0 and before. The vulnerability was assumed to be patched, but it wasn’t. The…
Cybersecurity researchers have offered insight into a system known as Double Feature. The system tracks different stages of post-exploitation originating from the DanderSpiriz—a full-featured malware framework deployed by the Equation group. DanderSpirtz was first discovered on April 14, 2017; DanderSpritz…
Imperva Research Lab’s study concluded that web application attacks are rising, on average, by 22% each quarter. The study examined nearly 4.7 million web application incidents. Further, the attacks have increasingly increased from Q2 2021 to Q3 2021— a 67.9% surge.…
Hackers targeted a hospital system in West Virginia; the attackers used a phishing attack for a data breach from the hospital’s system. Monongalia health system, which also operates Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company, stated…
Microsoft has pushed users to patch two security vulnerabilities in Active Directory domain controllers that it released in November. Microsoft has become active after a proof-ofo-concept video was made available on December 12. The two vulnerabilities—labeled as CVE-2021-42287— have been…
