U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” the Cyber National Mission…

Microsoft Links SolarWinds Serv-U SSH 0-Day Attack to a Chinese Hacking Group

5 September 2021, indexed from E Hacking News – Latest Hacker News and IT Security News. Microsoft Threat Intelligence Center has published technical facts regarding a now-patched, 0-day remote code execution exploit affecting SolarWinds Serv-U managed file transfer service…

WhatsApp security vulnerability could have exploited two billion users

A security vulnerability in popular messaging app WhatsApp’s image filter function discovered by Check Point Research could have exploited more than two billion users worldwide if left unpatched. It is estimated more than 55 billion messages are being sent daily over WhatsApp, with 4.5 billion photos and one billion videos shared per day.  Check Point Research recommends…

Irish Police ‘Significantly Disrupt’ HSE Attackers’ Ops

Authorities Target Health Sector Ransom Gang’s IT Infrastructure. Mihir Bagwe • September 6, 2021. Image caption: GNCCB has deployed a “splash screen” on seized domains (Source: Garda.ie). The Irish law enforcement body, the Garda National Cyber Crime Bureau, has conducted a “significant disruption operation,” targeting the IT…

FBI IC3 warns of a spike in sextortion attacks (Security Affairs)

The FBI Internet Crime Complaint Center (IC3) warns of a spike in sextortion attacks since the beginning of 2021 that caused $8M losses. The FBI Internet Crime Complaint Center (IC3) is warning of a significant increase in sextortion complaints since the beginning of 2021. In a sextortion attack, threat actors threaten to distribute the victims…

Conti Ransomware Is Now Using ProxyShell Exploits to Compromise Exchange Servers

Traffic Exchange Networks Distributing Malware Disguised as Cracked Software

An ongoing campaign has been found to leverage a network of websites acting as a “dropper as a service” to deliver a bundle of malware payloads to victims looking for “cracked” versions of popular business and consumer applications. “These malware included an assortment of click fraud bots, other information stealers, and even ransomware,” researchers from…

This New Malware Family Using CLFS Log Files to Avoid Detection

Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the…

Major ISP in New Zealand hit by massive DDoS, Internet outages reported

5 September 2021, indexed from Security Affairs. A massive DDoS hit New Zealand’s third-largest internet operator, isolating parts of the country from the Internet. A massive DDoS hit Vocus ISP, New Zealand’s third-largest…