Security News

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
2021-08-23 06:27

That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. CVE-2020-17496 - vBulletin 'subwidgetConfig' unauthenticated RCE vulnerability.

Pegasus iPhone hacks used as lure in extortion scheme
2021-08-20 15:06

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. Last month, Amnesty International and non-profit project Forbidden Stories revealed that the Pegasus spyware was installed on fully updated iPhones through a zero-day zero-click iMessage vulnerability.

Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
2021-08-19 14:35

Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. Investigators found that officials were informed of the flaw in its servers and had at least two opportunities to fix it before the attack but did not, mainly due to lack of coordination between teams responsible for different security tasks, according to the report, published Tuesday by the U.S. Department of Commerce Office of Inspector General.

Liquid cryptocurrency exchange loses over $90 million following hack
2021-08-19 09:24

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.

Liquid cryptocurrency exchange loses $94 million following hack
2021-08-19 09:24

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.

Black Hat: Novel DNS Hack Spills Confidential Corp Data
2021-08-12 20:30

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google. Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations and millions of devices," Wiz wrote in a technical breakdown of the bug. Luttwak calls what he found a "loophole" within the process used to handle the now obsolete dynamic DNS within modern DNS server configurations.

A remedial approach to destructive IoT hacks
2021-08-12 05:30

With greater awareness and complete visibility into every connected device, organizations can create a full inventory of IoT devices with all the information required to maintain them. Default passwords allow attackers to take over IoT devices as easy access points into the network.

Accenture confirms hack after LockBit ransomware data leak threats
2021-08-11 16:22

Accenture, a global IT consultancy giant, has allegedly been hit by a ransomware cyberattack from the LockBit ransomware gang. A ransomware group known as LockBit 2.0 is threatening to publish file data allegedly stolen from Accenture during a recent cyberattack.

Crypto Hack Earned Crooks $600 Million
2021-08-11 15:12

Attackers reportedly stole $600 million from the cryptocurrency platform Poly Network, in what experts say is one of the largest crypto heists to date. Poly Network, a decentralized finance platform based in China, publicly acknowledged that an attacker "exploited a vulnerability" that allowed them to assign themselves the ownership of money processed through the platform.