Security News

An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution and complete server takeover - and it's being exploited in the wild. New #0-day vulnerability tracked under "Log4Shell" and CVE-2021-44228 discovered in Apache Log4j. We are observing attacks in our honeypot infrastructure coming from the TOR network.

An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. In November 2020, Wordfence observed an operation that targeted this list with "probing attacks," meant to test whether sites were unpatched and vulnerable.

The Australian Cyber Security Centre says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November. "The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and December 2021."

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. The threat actors target four WordPress plugins and fifteen Epsilon Framework themes, one of which has no available patch.

These attacks can lead to the bypassing of phishing detection and email security solutions, and at the same time give phishing URLs a false sense of legitimacy to victims. "The attacks use dozens of distinct Microsoft 365 third-party applications with malicious redirect URLs defined for them," explains Proofpoint's report.

Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average. The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February.

Attackers today do not have a soft spot for businesses and do not give companies a break at any time of the year, especially not during holidays. "The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends - when offices are normally closed - in the United States, as recently as the Fourth of July holiday in 2021."

Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks. The newly certified Secured-core servers use Secure boot and the Trusted Platform Module 2.0 to ensure that only trusted will be able to load on boot.

A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska. A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was concurrently charged by the Canadian authorities with a number of other criminal offences.

The rapid spread of Emotet via TrickBot and its behavior since the malware resurfaced last month could signal that a spate of ransomware attacks is on the way, spurring researchers to warn organizations to buckle up and get ready. On Wednesday, Check Point Research also published a report that warned of imminent ransomware attacks now that TrickBot is dropping Emotet samples, especially given that TrickBot has amassed 140,000 victims across 149 countries in only 10 months.