The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted … [Read more...] about Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective … [Read more...] about ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims
Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take … [Read more...] about Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's … [Read more...] about Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the … [Read more...] about This New Malware Family Using CLFS Log Files to Avoid Detection
Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos. Unfortunately, … [Read more...] about What is AS-REP Roasting attack, really?
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how … [Read more...] about Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 … [Read more...] about Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email systems encryption is still … [Read more...] about How Does MTA-STS Improve Your Email Security?
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The … [Read more...] about Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses