The flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker to cause a DoS condition by sending specially crafted Ethernet frames to an affected device.
The vulnerability makes it possible to launch a brute-force attack to guess the seven-digit security code that is sent via email or SMS as a method of verification to reset the password.
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot.
To carry out the scam, the scammer needed more details on equipment used at an unnamed oil company to make malicious emails to the company’s employees more believable, researchers wrote.
Changes injected into a software build pipeline or continuous integration (CI) process will be included in the signed final product, altogether defeating the purpose of the signature.
The flaw was classified by Microsoft as wormable, indicating that malware exploiting it might be able to spread automatically between vulnerable machines on the network with no user interaction.
Cybersecurity researchers point out that threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
North Korea and cybercrime unarguably go hand in hand. The nation is highly focused on reinforcing its cyber capabilities, by all means necessary, and on creating more than just a nuisance.
A user on a popular hacking forum was purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second-largest staffing provider in the world.
The healthcare industry remains most at risk, particularly through web gateways, and phishing is still a high-risk vector in this sector, according to cybersecurity experts.