A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook to leak plaintext Windows domain credentials to external servers.
Stories by Lucian Constantin
Cyber-espionage groups are exploiting a critical vulnerability patched in ManageEngine ADSelfService Plus, which is a single sign-on solution.
The remote code execution vulnerability was recently patched for affected versions of Atlassian Confluence Server and Data Centre; users are advised to apply the patch or upgrade.
Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments.
This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.
This new, aggressive ransomware group also uses Cobalt Strike to move laterally across the network.
It's not the IoT vendors' fault. Without a cryptographically secure pseudo-random number generator subsystem, internet of things devices will be vulnerable.
Multiple groups are compromising Windows web servers and deploying malware programs to function as extensions for Internet Information Services.
Embedded devices are known to use in-house and third-party code that was created at a time when software vulnerabilities were not as well understood.
Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.
The Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.
The US government outlines how APT40 conducted its Microsoft Exchange Server attack and offers advice to defend against nation-state threats.
All REvil websites went offline on Tuesday, leaving security experts and victims to speculate on the reason why.
Public exploits are available for a remote code execution vulnerability in the Windows Print Spooler that could allow attackers to take full control of systems.
More than 1000 businesses from around the world have reportedly been impacted in a supply-chain attack targeting Kaseya software.