Cybersecurity

Cyber-spies target Microsoft Exchange to steal M&A info

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant. The infosec giant's researchers have dubbed the cyber-espionage threat group UNC3524…

Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island infamously known for being used by Australia as an offshore refugee detention center in return for aid. On Monday, May 2nd, 2022, the Anonymous collective…

White House wants nation to prepare for cryptography-breaking quantum computers

A memorandum issued Wednesday by President Joe Biden orders federal agencies to ramp up preparations for a day when quantum computers are capable of breaking the public-key cryptography currently used to secure digital systems around the world. The document…

F5 warns of critical BIG-IP RCE bug allowing device takeover

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS…

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices. An unpatched Domain Name System (DNS) bug in a popular standard C library can allow attackers to mount DNS poisoning attacks…

Critical RCE Bug Reported in dotCMS Content Management Software

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses."…

Google Sees More APTs Using Ukraine War-Related Themes

Researchers at Google's Threat Analysis Group (TAG) say the number of advanced threat actors using Ukraine war-related themes in cyberattacks went up in April with a surge in malware attacks targeting critical infrastructure. According to Google, known state-backed…

Attackers Use Event Logs to Hide Fileless Malware

A sophisticated campaign utilizes a novel anti-detection method. Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into…

FBI: Business Email Compromise attacks led to more than $43 billion in losses since 2016

More than $43 billion has been lost through Business Email Compromise and Email Account Compromise scams since 2016, according to data released Wednesday by the FBI. The FBI and its Internet Crime Complaint Center (IC3) said in an alert that when it combined…

Pixiv, DeviantArt artists hit by NFT job offers pushing malware

Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware…