GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Advanced Computer Science have alerted security professionals about risks associated with GitHub and other platforms like pastebin that host public PoCs of exploits for known vulnerabilities.…
Back in April of this year, 360 Netlab researchers reported on a new DDoS botnet with more than 10,000 daily active bots and over 100 DDoS victims per day, dubbed Fodcha due to its command and control (C2) domain name folded.in and its use of the ChaCha encryption algorithm. In response to 360 Netlab’s report,…
Symantec researchers are warning that a BlackByte ransomware affiliate has begun using a custom data exfiltration tool, Infostealer.Exbyte, to steal data from victims’ networks as part of their attacks. Still, as a recent breach of an Indian power company by a different ransomware group demonstrates, the extra effort of stealing data doesn’t always pay off…
Ransomware response and recovery can be broken down into four steps: 1. Isolate, assess, call for help. 2. Recover what can be recovered, replace what cannot be recovered. 3. Apply lessons learned and block future attacks. 4. Revise (or create) the ransomware incident response plan. 1. Isolate, Assess, Call for Help The initial incident response requires the…
A ransomware family targeting individual computer users is using a zero-day Windows bug to infect users, ANALYGENCE senior vulnerability analyst Will Dormann has found. HP Wolf Security researchers recently published a blog post on the Magniber ransomware campaign’s ability to use JavaScript to disguise a malicious file as an antivirus or Windows 10 update. Magniber…
Security researcher Alvaro Muñoz recently warned of a critical vulnerability in versions 1.5 through 1.9 of Apache Commons Text. The flaw, dubbed “Text4Shell” and identified as CVE-2022-42889, can enable remote code execution via the StringSubstitutor API. In response, version 1.10 was released, which disables script interpolation by default. While the flaw carries a very high…
SafeBreach Labs researchers recently uncovered a new fully undetectable (FUD) PowerShell backdoor that uses a novel approach to disguise itself as part of the Windows update process. “The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims,” SafeBreach director…
Microsoft’s October 2022 Patch Tuesday includes security updates that fix well over 80 vulnerabilities in more than 50 different parts of its product range – but the ProxyNotShell flaws in Exchange Server that were reported last month are not on the list. Key vulnerabilities patched include CVE-2022-41033, a zero-day flaw in the Windows COM+ Event…
Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): https://registry.npmjs.org/@<scope_name>/<secret_package_name> A malicious…