Cloud Attacks Are Bypassing MFA, Feds Warn
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted.
Source: Threat Post –
[...]
AuthorTara Seals
Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.
[...]
Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
A sophisticated threat actor has hijacked email security connections to spy on targets.
Source: Threat Post – Web Security – Mimecast Certificate
[...]
BumbleBee Opens Exchange Servers in xHunt Spy Campaign
The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.
Source: Threat Post –
[...]
Telegram Triangulation Pinpoints Users’ Exact Locations
The “People Nearby” feature in the secure messaging app can be abused to unmask a user’s precise location, a researcher said.
Source:
[...]
T-Mobile Faces Yet Another Data Breach
The cyberattack incident is the wireless carrier’s fourth in three years.
Source: Threat Post – Mobile Security – T-Mobile Faces Yet Another
[...]
2020 Work-for-Home Shift: What We Learned
Threatpost explores 5 big takeaways from 2020 — and what they mean for 2021.
Source: Threat Post – Web Security – 2020
[...]
Emotet Returns to Hit 100K Mailboxes Per Day
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
Source: Threat Post – Web Security – Emotet
[...]
Joker’s Stash Carding Site Taken Down, for Now
The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort.
Source: Threat Post – Web
[...]
Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation
[...]