Hackers Use ProxyLogon and ProxyShell Bugs in Phishing Blitz

Security researchers have warned attackers are abusing months-old Microsoft Exchange Server flaws to send convincing malware-laden phishing emails within organizations. A team at Trend Micro spotted the campaign, which exploits the ProxyLogon and ProxyShell vulnerabilities patched by Microsoft in March and May respectively. By doing so, attackers are able to compromise a victim organization’s on-premises Exchange server, and then send phishing emails to other inboxes in the same organization — disguised as legitimate replies to existing…

SEC Warning as Phishing Attacks Mount Online and By Phone

The Securities and Exchange Commission (SEC) has warned of a new multi-channel phishing campaign designed to elicit personal and financial information from victims. An investor alert from the regulator revealed that several people have come forward claiming to have received phone calls or voicemail messages from purported SEC staff. The scammers apparently raised concerns about suspicious activity on the recipients’ checking or cryptocurrency accounts in a bid to trick them into handing over more sensitive info —…

Wind Turbine Giant Offline After Cyber Incident

The world’s largest manufacturer of wind turbines was forced to shut down IT systems across several locations over the weekend after a cybersecurity incident. In a brief notice on Saturday, Vestas Wind Systems claimed the attack struck the day before, with IT services in multiple business units affected. At the time, the Danish firm said that customers, employees and other stakeholders could be affected by the incident, and that it was working with internal and…

Zero Care About Zero Days

The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch

By Fred House

2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. Some cite this as evidence of better detection by the industry while others credit improved disclosure by victims. Others will simply conclude that as…

Product spotlight on identity management solutions | Security Magazine

Why network-based zero trust doesn’t protect your most valuable assets | Security Magazine

Passwordless made simple with user empowerment | Security Magazine

Security awareness training: Top challenges and what to do about them | Security Magazine

VERT Research Tips: Understanding Word Splitting | The State of Security

Word splitting is a function of BASH that I was unfamiliar with, but it is definitely one that impacted my recent research. From the bash(1) man page:

IFS
    The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is <space><tab><newline>.

Word Splitting
    The shell scans the results of parameter expansion, command substitution, and arithmetic expansion that did not occur…

The Evolving Threat of Ransomware | The State of Security

Currently, ransomware is the most prominent cyber threat to businesses and individuals. Ransomware attacks are growing more prevalent as cybercriminals find new ways to profit from them. According to CyberEdge’s 2021 Cyberthreat Defense Report, 62% of organizations were victimized by ransomware in 2019—up from 56% in 2018 and 55% in 2017. This rise is arguably fueled by the dramatic increase in ransomware payments. More than half (58%) of ransomware victims paid a ransom last year,…
