Security News
Microsoft has announced the public preview launch of Visual Studio Code for the Web, a browser-based version of its free and cross-platform VS Code integrated development environment. "Announcing the preview of Visual Studio Code for the Web, a new web-based code editor that runs entirely in your browser and without backing compute," the company announced today.
Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.
Trend Micro released research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.
Three so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned over the weekend. The three ProxyShell vulnerabilities that can be connected in a complete exploit chain are as follows.
Researchers are warning that internet censorship systems are ripe for abuse by a new type of distributed denial of service attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be "extremely detrimental to any network" if carried out.
A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7. An authenticated attacker can use the vuln to execute commands as root on the FortiWeb device, Rapid7 said in a blog post.
T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web. The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.
The problem with copyright infringement notices is that if they're genuine, they can't just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they're received. They've copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for "Help".
Or you can spend money to buy a phony vaccine certificate from some anonymous and potentially untrustworthy cybercriminal on the Dark Web. Sales and advertisements of fake vaccine cards have been spiking to new levels on the Dark Web, according to a report published Wednesday by cyber threat intelligence firm Check Point Research.
Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to selling payment-card credentials. The leaked credit cards include the following fields: credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.