Several months after security analysts found the critical zero-day flaw in the Java logging library Apache Log4j, they disclosed that many servers and applications are still prone to cyberattacks exploiting the flaw because the proper security patches have not been applied. The vulnerability, tracked as CVE-2021-44228, was first detailed last December, allowing hackers to launch...
Three firmware bugs were found in Lenovo devices, which the tech firm immediately patched after discovering that they could be exploited for Unified Extensible Firmware Interface (UEFI) attacks. The vulnerabilities were assigned the identifiers CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 and used for deploying and executing UEFI malware through SPI flash implants or ESP implants inside Lenovo Notebook...
The North Korean-sponsored advanced persistent threat (APT) group called Lazarus is targeting organisations that operate in South Korea’s chemical sector. This current espionage campaign appears to be the sequel to Operation Dream Job, conducted by the same APT group and discovered by researchers in August last year. At the beginning of the year, a research team...
The US Department of Justice (DOJ) has announced that it has successfully eradicated the Cyclops Blink malware that attacked vulnerable internet-connected firewall devices from the tech firms WatchGuard and Asus. This operation interrupted the control of the Russian Federation’s Main Intelligence Directorate (GRU) over the botnet that infected thousands of devices. Previously attributed to Russia’s GRU, the Sandworm...
A BitRAT malware campaign has been seen attacking users searching for unofficial Windows license activators to activate cracked or pirated versions of the Windows operating system. Security researchers observed a phishing attack that distributes Windows 10 Pro license activators in an online store. However, the activators offered by the phishing actors are malicious and contain BitRAT malware....
Researchers discovered a new ransomware operation called DeadBolt, which has already impacted many QNAP NAS devices by encrypting their data. According to the latest reports, the ransomware has already targeted and affected approximately 3,600 QNAP devices worldwide. The DeadBolt threat actors exploit a zero-day flaw to infect and compromise QNAP devices and encrypt files using their ransomware....
According to recent reports in Japan, Kyoto University has irretrievably lost approximately 80 terabytes of data due to an HPE software update to its supercomputer’s backup system. The data loss incident happened from December 14 to 16 last year and resulted in over 30 million files from about 14 research groups being removed from the...
The Firefox 94 browser recently had an issue in which people’s usernames and passwords were recorded in the Cloud Clipboard feature of Windows. Nonetheless, Mozilla has released a patch for this issue, categorizing it as a severe security risk that can expose users’ credentials to threat actors as they copy or cut their usernames and...
The online video-sharing giant, YouTube, has recently applied a new copyright law that gives content creators on the platform worldwide flexibility in terms of international copyright policies. The new copyright law was implemented after a content creator named Mark Fitzpatrick went to war with a giant animation firm, Toei Animation,...
The Ministry of Defence in Belgium has suffered a cyberattack after threat actors abused a Log4j flaw. The incident is the first recorded case of a NATO country’s defence ministry being victimised using the flaw. According to a report, the cyberattack occurred recently, resulting in the paralysis of the defence ministry’s activities for several days. A Belgian...