Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists due to a lack of server-side validation of user permissions, which allows an attacker to submit a crafted HTTP request to exploit the bug.
Maryland officials confirmed on Wednesday that the state’s Department of Health is dealing with a devastating ransomware attack, which has left hospitals struggling amid a surge of COVID-19 cases.
As per a new SolarWinds report, the hacking community (56%) is the largest source of security threats at public sector entities, followed closely by insiders (52%) and foreign governments (47%).
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems.
The Senate passed two cyber-related bills Wednesday, one that would help manage cybersecurity risk in the supply chain, and another that would provide resources to secure state and local governments.
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry.
The goal is to evade detection by antivirus solutions which are more likely to catch commonly abused document formats and stop the victim from opening them on Microsoft Office.
Dataprise announced the acquisition of Global Data Vault, a provider of Disaster-Recovery-as-a-Service (DRaaS), Backup-as-a-Service (BaaS) and modern data protection solutions.
Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the internet but also locked staff out of data management servers and security camera networks.
Researchers uncovered cybercriminals using a malicious Telegram installer to drop the Purple Fox Rootkit. It is believed to be spreading via email or probably via phishing websites. Phase-based operations and dependency on different files for each phase make this attacker go unnoticed by security systems.