Security News

SolarWinds fixes hardcoded credentials flaw in Web Help Desk
2024-08-22 15:01

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. [...]

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
2024-08-16 14:25

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a...

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
2024-08-15 13:19

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw,...

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
2024-08-15 11:44

SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
2024-08-14 15:22

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a...

Fraud ring pushes 600+ fake web shops via Facebook ads
2024-07-31 14:14

A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information. [...]

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
2024-07-17 10:33

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. "AvNeutralizer, a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups," cybersecurity company SentinelOne said in a report shared with The Hacker News.

BunkerWeb: Open-source Web Application Firewall (WAF)
2024-07-10 04:00

BunkerWeb is an open-source Web Application Firewall distributed under the AGPLv3 free license. The solution's core code is entirely auditable by a third party and the community.

HUMINT: Diving Deep into the Dark Web
2024-07-09 11:00

Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines.

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites
2024-07-08 15:08

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material, indicating how such information could be used to combat serious crimes. Distributed via phishing, spam campaigns, cracked software, fake update websites, SEO poisoning, and malvertising, data harvested using such programs typically find their way onto the dark web in the form of stealer logs from where they are purchased by other cybercriminals to further their schemes.