Researchers discovered two exploit servers delivering different exploit chains via watering hole attacks. One server targeted Windows users, the other targeted Android devices.

The issue lies within Spring’s Application-Level Profile Semantics (ALPS) feature which is defined as “a data format for defining simple descriptions of application-level semantics”.

SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. SAP also published a total of 7 other updates for previously released security notes.

The company now says that the personal data of up to 400,000 of its customers was compromised in the ransomware attack last November — 40,000 more than the company originally thought.

The website claims to be selling Microsoft source code and repositories for $600,000. Microsoft confirmed that threat actors accessed their source code during their SolarWinds breach.

A Mimecast-issued certificate used to authenticate some of it’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced.

The worst part about ransomware is that it encrypts data and removes the original encrypted copies, thereby eliminating any way to recover files that are not backed up without paying the ransom.

For the January patch Tuesday, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.

A statement released by Accellion yesterday states that they became aware of a vulnerability in their legacy FTA service in mid-December, and a patch was deployed to all customers.

The ‘Rogue’ RAT infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data.