Security News

The U.S. Department of Justice on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. "The defendants worked as senior managers at a United Arab Emirates-based company that supported and carried out computer network exploitation operations for the benefit of the U.A.E. government," the DoJ said in a statement.

Threat actors are sharing Windows MSHTML zero-day tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

" Home and small business routers under attack. The Navajo Nation's selfless cryptographic contribution to America.

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services servers to infiltrate their networks. "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said.

Move up in the profitable field of cybersecurity by improving your ethical hacking skills. Cybersecurity experience was recently cited as one of the top three most scarce skills in the U.S., U.K. and several European countries.