Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users are recommended to upgrade to versions 5.3.18 or later and 5.2.20 or later.
According to a report by Unit 42, the average ransom demand rose 144% to $2.2 million in 2021. The average ransom payment rose 78% to $541,010. Thirty-five new ransomware gangs popped up in 2021.
SunCrypt—a RaaS that came to prominence in mid-2020—was one of the first threat actors to implement triple extortion in its campaigns. It is a small RaaS, operating with a close circle of affiliates.
The U.K. NCSC has urged the public sector, critical infrastructures (CNI) and other organizations to reconsider the potential risks associated with any “Russian-controlled” parts of their supply chain.
Hostile hacking groups are exploiting Russia’s invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money, and more from victims around the world.
Google this week released a security-themed Chrome 100.0.4896.60 browser makeover with patches for 28 documented vulnerabilities, some serious enough to lead to code execution attacks.
The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.
Vulnerabilities in ImpressCMS could allow an unauthenticated attacker to bypass the software’s SQL injection protections to achieve remote code execution (RCE), a security researcher has warned.
Researchers have spotted an updated version of Conti ransomware as part of the global ransomware tracking efforts that allow it to reboot and encrypt the targeted system in Safe Mode. To avoid detection, Conti uses the Murmur3 hashing algorithm, which produces different hash values for all API functions used, which helps avoid security software that […]
Muhstik botnet operators were found exploiting a recently disclosed bug in some Redis Debian packages to infiltrate servers and then use it for DDOS attacks. The attackers target the vulnerability CVE-2022-0543 in Redis Debian packages. To protect against this particular attack, users are recommended to update their packages to Redis package version 5.6.0.16.-1 or follow […]