Tag: security
One small tweak gave researchers a powerful web domain ability that could prove incredibly useful for hackers
A cybersecurity researcher recently stumbled upon an Internet vulnerability allowing him to track people’s email, run code on servers, and even counterfeit HTTPS certificates – in fact, it gave him so many options, it has been described as having “superpowers”. The vulnerability is quite a simple one in nature –…
Read More
Chinese banking giant’s London HQ targeted by cybercriminals, threatening to leak millions of files
The London branch of the Industrial and Commercial Bank of China (ICBC) has suffered a ransomware attack that saw the hackers make off with plenty of sensitive data. A report from The Register, citing an announcement posted on the threat actor’s data leak site, says ICBC has until September 13…
Read More
Chinese hackers target Windows servers with SEO poisoning campaign
Hackers are taking advantage of vulnerable servers to take over websites, and use them to steal people’s credentials, deploy malware, and more. A report from Cisco Talos, who have been tracking the activity for some time now, revealed the group would first seek out vulnerable web application services such as…
Read More
Kaspersky security tools hijacked to disable online protection systems
The infamous RansomHub ransomware group has been spotted abusing a legitimate Kaspersky tool to disable endpoint detection and response (EDR) tools and then deploy stage-two malware on infected systems without being seen. Cybersecurity researchers Malwarebytes, who recently spotted the activity in the wild, noted once RansomHub compromises an endpoint and…
Read More
Microsoft confesses its recent security updates…broke Windows 10 security patches
In its latest Patch Tuesday cumulative update, Microsoft has confirmed an embarassing bug which broke older security patches installed on Windows 10 devices. The bug is tracked as CVE-2024- 43491, and affects Windows 10 version 1507 – an older version still supported for Windows 10 Enterprise 2015 LTSB and Windows…
Read More
Ivanti patches serious endpoint management software security bugs, so update now
Ivanti has released a patch for a critical security vulnerability, advising users to apply it immediately to secure their infrastructure. In an advisory, Ivanti said it had uncovered a deserialization of untrusted data weakness in its Endpoint Management (EPM) agent portal. The vulnerability is tracked as CVE-2024-29847 and carries a…
Read More