Security News

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

" Home and small business routers under attack. The Navajo Nation's selfless cryptographic contribution to America.

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services servers to infiltrate their networks. "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said.

Move up in the profitable field of cybersecurity by improving your ethical hacking skills. Cybersecurity experience was recently cited as one of the top three most scarce skills in the U.S., U.K. and several European countries.

Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks. The two are believed to have committed dozens of ATM jackpotting attacks in several European countries, stealing an estimated €230,000 in cash.

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.