Threats

Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw

The OpenSSL project this week announced plans to release version 3.0.7 on November 1 to patch a critical security flaw affecting versions 3.0 and later. Co-founder Mark J. Cox noted it's only the sec...

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Adva...

New Version of Fodcha DDoS Botnet Adds Extortion

Back in April of this year, 360 Netlab researchers reported on a new DDoS botnet with more than 10,000 daily active bots and over 100 DDoS victims per day, dubbed Fodcha due to its command and contro...

Data Exfiltration: Symantec Warns of Exbyte Threat as Hive Group Leaks Tata Data

Symantec researchers are warning that a BlackByte ransomware affiliate has begun using a custom data exfiltration tool, Infostealer.Exbyte, to steal data from victims' networks as part of their attac...

How to Recover From a Ransomware Attack

The best way to recover from a ransomware attack is to execute a carefully practiced incident response plan. So easy to say, so difficult to do correctly. In fact, many organizations have no plan ...

Ransomware Group Bypasses Windows 10 Warnings

A ransomware family targeting individual computer users is using a zero-day Windows bug to infect users, ANALYGENCE senior vulnerability analyst Will Dormann has found. HP Wolf Security researcher...

Time-Consuming Remediation: Assessing the Impact of Text4Shell

Security researcher Alvaro Muñoz recently warned of a critical vulnerability in versions 1.5 through 1.9 of Apache Commons Text. The flaw, dubbed "Text4Shell" and identified as CVE-2022-42889, can en...

Ransomware Prevention: How to Protect Against Ransomware

Ransomware attacks hit the headlines every week, with governments, school districts, healthcare providers, and private companies forced to admit attacks after ransomware disrupts their operations. He...

Fully Undetectable PowerShell Backdoor Found by Security Researchers

SafeBreach Labs researchers recently uncovered a new fully undetectable (FUD) PowerShell backdoor that uses a novel approach to disguise itself as part of the Windows update process. "The covert s...

Microsoft Patch Tuesday Leaves ProxyNotShell Exposed

Microsoft's October 2022 Patch Tuesday includes security updates that fix well over 80 vulnerabilities in more than 50 different parts of its product range – but the ProxyNotShell flaws in Exchange S...

Latest articles