Log4J: Microsoft discovers attackers targeting undisclosed SolarWinds vulnerability

Microsoft researchers have discovered a previously undisclosed vulnerability in the SolarWinds Serv-U software while monitoring threats related to Log4J vulnerabilities.  Jonathan Bar Or explained on Twitter that while he was…

The Internet’s Most Tempting Targets

What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. The number of exposed assets keeps climbing, but existing security strategies…

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack. Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month…

Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation

Authored by Nick Biasini and Chris Neal with Contributions from Dmytro Korzhevin. Several cyber attacks against Ukrainian government websites — including website defacements and destructive wiper malware — have made…

Threat Roundup for January 14 to January 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 14 and Jan. 21. As with previous roundups, this post isn’t meant to be an…

CISA adds 13 exploited vulnerabilities to list, 9 with Feb. 1 remediation date

CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1 and four of them…

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection,…

Homelife of Connecticut Residents Secretly Recorded

Homelife of Connecticut Residents Secretly Recorded A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors.  Waterford resident Keith Hancock allegedly recorded 10 victims from…

Canadian Tech Predictions for 2022: From Collaboration to Virtual Desktops

Despite the ongoing impact of the COVID-19 pandemic, net tech employment in Canada was expected to increase 1.3% last year after falling for much of 2020. Meanwhile, IDC forecasts that…

Pennsylvania Approves Ransomware Bill

Pennsylvania Approves Ransomware Bill Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals.  Senate Bill 726, amending Title 18 (Crimes and…