Security News

Microsoft announces Visual Studio Code for the Web public preview
2021-08-31 18:38

Microsoft has announced the public preview launch of Visual Studio Code for the Web, a browser-based version of its free and cross-platform VS Code integrated development environment. "Announcing the preview of Visual Studio Code for the Web, a new web-based code editor that runs entirely in your browser and without backing compute," the company announced today.

File upload security best practices rarely implemented to protect web applications
2021-08-30 04:30

Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.

Coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021
2021-08-25 04:30

Trend Micro has released research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.

ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
2021-08-23 10:55

Three so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned over the weekend. The three ProxyShell vulnerabilities that can be connected in a complete exploit chain are as follows.

Web Censorship Systems Can Facilitate Massive DDoS Attacks
2021-08-20 21:11

Researchers are warning internet censorship systems are ripe for abuse by a new type of distributed denial of service attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be "extremely detrimental to any network" if carried out.

Researchers find high-severity command injection vuln in Fortinet's web app firewall
2021-08-18 16:38

A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7. An authenticated attacker can use the vuln to execute commands as root on the FortiWeb device, Rapid7 said in a blog post.

T-Mobile US probes claims of 100m stolen customer records up for sale on dark web
2021-08-16 19:22

T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web. The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.

Copyright scammers turn to phone numbers instead of web links
2021-08-16 18:18

The problem with copyright infringement notices is that if they're genuine, they can't just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they're received. They've copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for "help".

Fake COVID vaccine card sales ramp up on Dark Web
2021-08-11 13:30

Or you can spend money to buy a phony vaccine certificate from some anonymous and potentially untrustworthy cybercriminal on the Dark Web. Sales and advertisements of fake vaccine cards have been spiking to new levels on the Dark Web, according to a report published Wednesday by cyber threat intelligence firm Check Point Research.

1M Stolen Credit Cards Hit Dark Web for Free
2021-08-10 13:47

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to selling payment-card credentials. The leaked credit cards include the following fields: credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.