Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
Secure your databases against opportunistic attackers
If you connect databases / servers to the internet and secure them poorly, you can count on them getting compromised quickly. According to findings by Radoslaw Zdonczyk, …
Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)
Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices. …
VPN attacks up nearly 2000% as companies embrace a hybrid workplace
Nuspire released a report which outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from Recorded Future. “As companies …
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to …
Massive increase in endpoint attacks, rising rate of encrypted malware and new exploits targeting IoT
Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according …
International law enforcement effort pulls off Emotet botnet takedown
Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today. “The Emotet infrastructure essentially …
Microsoft and partners cut off key Trickbot botnet infrastructure
Two weeks after someone (allegedly the US Cyber Command) temporarily interrupted the operation of the infamous Trickbot botnet, a coalition of tech companies headed by …
Bit-and-piece DDoS attacks increased 570% in Q2 2020
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard. Perpetrators used …
Fileless worm builds cryptomining, backdoor-planting P2P botnet
A fileless worm dubbed FritzFrog has been found roping Linux-based devices – corporate servers, routers and IoT devices – with SSH servers into a P2P botnet whose …
New wave of attacks aiming to rope home routers into IoT botnets
A Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. The report urges users to take …
Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets
A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates …