The experts discovered that the 2FA implementation of cPanel & WebHost Manager (WHM) software was vulnerable to brute-force attacks that allowed attackers to guess URL parameters and bypass 2FA.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today posted an advisory to warn shoppers of online scams ahead of the holidays.
The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers while attempting to exploit an unauthorized-access vulnerability in the Docker Remote API.
Stantinko, an adware and coin-miner botnet that has targeted Russia, Ukraine, Belarus, and Kazakhstan since at least 2012, has now set its sights on Linux servers to fly under the radar.
Lightspin, a new cloud security startup founded by former white-hat hackers, today emerged from stealth with a $4 million seed round to close cloud security gaps in business environments.
Suspected state-sponsored hackers are trying to exploit a five-month-old vulnerability in popular mobile device management software to target a range of UK organizations, the UK government warned.
Telecom companies face hefty fines if they don’t comply with strict new security rules under a new law proposed in the UK Parliament that is aimed at blocking high-risk equipment suppliers like Huawei.
A network interruption resulting from a ransomware attack on a hosting provider has limited the functionality of the Arizona state court system’s webpage for most of this week.
Muhammed Taskiran, a 20-year-old researcher based in Germany, informed TikTok in late August that a URL parameter on tiktok.com was “reflecting its value without being properly sanitized.”
The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos KDC that Microsoft fixed in the November 2020 Patch Tuesday.