Avast Finds Backdoor on US Government Commission Network

Avast –  Avast –  We have found a new targeted attack against a small, lesser-known U.S. federal government commission associated with international rights. Despite repeated attempts through multiple channels over…

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has…

Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository have…

Next-Gen Maldocs & How to Solve the Human Vulnerability

Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.…

SMA 100 flaws in SonicWall VPN expose devices to remote takeover

If exploited, an unauthenticated, remote attacker can execute code as a “nobody user” in the device meaning attacker would get root access and gain full control of the device. SonicWall,…

How to back up your Gmail: The ultimate guide

A few years ago, I moved off of Office 365 and Outlook and onto Gmail. Many of you thought I’d regret the move, but I have to tell you that…

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm)…

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances. Critical security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances could allow an unauthenticated, remote user to…

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK

Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a…

‘Printjack’ Printer Attacks Pose a Serious Threat, Researchers Warn

A group of Italian cybersecurity researchers has put together a set of three attacks known as ‘Printjack,’ alerting people of the serious risks of trusting their printer too much. According…