A serious vulnerability has been discovered in the Spring Cloud Java Framework that may lead to RCE or result in the compromise of an entire host. Tracked as Spring4Shell, it was found circulating on a Chinese cybersecurity site and QQ chat service. Currently, a way to partially stop Spring4Shell attacks is to disallow certain […]
Morphisec laid bare a new Mars Stealer campaign—abusing Google Ads ranking techniques—to lure Canadian users into downloading a malicious version of OpenOffice. A bug in the configuration instructions of the cracked version of Mars Stealer, which appears to be an honest mistake by the operators, gives anyone access to the logs directory of victims. Organizations […]
Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository that could have enabled supply chain attacks.
The Series A funding round was led by NEA with participation from General Catalyst, UNION Labs, and the founders of Snowflake, Okta, Dropbox, VMware, Segment, and Databricks.
Trezor hardware wallet owners recently began receiving data breach notifications prompting recipients to download a fake Trezor Suite software that would steal their recovery seeds.
A new report from Rapid7 highlights 50 vulnerabilities from 2021 that posed a considerable risk to businesses of all sizes. Of those 50 vulnerabilities, 43 were exploited in the wild.
The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog.
The CISO role has never been cut-and-dry. Despite its longevity, this role is still in its adolescence – full of promise, mostly headed in the right direction, but not quite fully formed.
That document, obtained by the KSL Investigators through a public records request, states more than 150 databases and all public safety software systems were reviewed for potential compromises but, “none have been found.”