Taiwanese vendor QNAP has been hit by another ransomware attack with the latest one coming from the eCh0raix. For this, only a few dozen eCh0raix samples have been submitted so far. To prevent from this, QNAP has urged customers to update their devices’ QTS or QuTS hero operating systems to the latest versions.
Vulnerabilities in the web interface of Jacuzzi’s SmartTub app could have enabled an attacker to view and potentially manipulate the personal data of hot tub owners, a security researcher claims.
“Yodel is currently experiencing service delays due to a system-wide outage,” said an update on Beer Hawk’s website, which says the issues have been affecting their deliveries since at least Monday.
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.
A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers being prosecuted in the course of their work.
The initial ingress point was a pair of VMWare Horizon Unified Access Gateways that were vulnerable to Log4Shell. The attackers utilized several different tools, including Cobalt Strike, Sliver, and multiple commercial network scanners.
For now, researchers say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don’t make them more robust.
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020.
Of the 56 vulnerabilities discovered, 38% allow for compromise of credentials, 21% allow for firmware manipulation, 14% allow remote code execution, and 8% of flaws enable tampering with configuration information.
The Pain Points: Ransomware Data Disclosure Trends by Rapid7 uncovers the kind of data ransomware actors want and how they pressure victims into getting it back by paying a ransom.