Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
CloudLinux’ security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.
The MICROP ransomware spreads via Google Drive and locally stored passwords.
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks.
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.