U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers. According to the notification letter published by the Office of the Maine Attorney General, VISA informed the company on March […]
Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex […]
China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […]
China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as âFlagproâ. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as âFlagproâ. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. According to a report by NTT Security, Flagpro has […]
Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […]
Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source build toolset for managed code as well […]
Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly, is American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints. The service allows users to create personalized photo gifts such as smartphone cases, photo books, wall art, and […]
The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities, tracked as CVE-2021-44790 and CVE-2021-44224, that can lead to remote code execution attacks. The CVE-2021-44790 […]
Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. The backdoors were discovered as part of penetration testing, they allow attackers to gain full […]
Albaniaâs prime minister Edi Rama apologized for the massive leak of personal records from a government database of state. Albaniaâs prime minister this week apologized for the massive leak of personal records from a government database of state. Exposed records include the personal identity card numbers, employment and salary data of some 637,000 people. The […]