Cybercrime, Sysrv – K targets Windows, Linux to steal cryptocurrencies
Microsoft cybersecurity experts: The botnet exploits unpatched vulnerabilities in the Spring Framework and WordPress plugins to infect systems with mining malware.
Cybersecurity, CISA adds 3 new vulnerabilities to the Known Exploited Catalog
They are the CVE-2021-3156, CVE-2021-31166 and CVE-2017-0148. One is linked to Sudo and the other two to Microsoft.
Cyber Warfare, Ukraine is under a wiper malware offensive
Microsoft cybersecurity experts: It looks like ransomware but is designed to render targeted devices inoperable. It has been detected on dozens of systems and the numbers could grow.
Cybersecurity, macOS Monterey suffers the “powerdir” flaw
Microsoft experts detected the vulnerability CVE-2021-30970. It allows to bypass the TTC, gaining access to a user’s data. Update your systems ASAP!
Cybercrime, Microsoft products login pages are the most used in phishing
Atlas VPN cybersecurity experts: Threat actors exploit them in 73% of the campaigns. Adobe Document Cloud login pages are also being used.
Cyber Espionage, Iranian hackers increase attacks on IT services companies
Microsoft cybersecurity experts: The aim is to steal credentials belonging to downstream customer networks. India, Israel, UAE are the most hit targets.
Cybersecurity, Microsoft releases a new bunch of security updates
They cover 55 issues in different products. Six of them are critical and have already been exploited by cybercrime actors.
Cyber Espionage, Nobelium uses FoggyWeb as a backdoor
Microsoft cybersecurity experts: The APT exploits it to remotely exfiltrate sensitive information from a compromised AD FS server.
Cybersecurity, 4 vulnerabilities in Azure VM management extensions OMI agent
Microsoft: They could allow an attacker to raise their privileges and remote arbitrary code execution. Furthermore, there is a PoC online.
Cybersecurity, new vulnerability for Exchange Server: PROXYTOKEN
Yoroi: The flaw, CVE-2021-33766, allows a threat actor to monitor, steal or alter corporate email communications.