Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.