Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Read More
Cloud Security
‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
Read MoreFueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.
Read MoreCritical SonicWall VPN Bugs Allow Complete Appliance Takeover
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
Read MoreAWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes…
Read MoreWindows 10 Drive-By RCE Triggered by Default URI Handler
There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
Read MoreWhen Scammers Get Scammed, They Take It to Cybercrime Court
Underground arbitration system settles disputes between cybercriminals.
Read MoreCrypto-Exchange BitMart to Pay Users for $200M Theft
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million.
Read MoreApache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
Read MoreWhat Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
Read More