Jeremy McClure

On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and it’s easy as pie to exploit.

High-Severity […]

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers

An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.

Emotet Now Spreading Through Malicious Excel Files

SquirrelWaffle attackers now use typosquatting to keep sending spam, even after Exchange servers are patched for ProxyLogon/ProxyShell.

SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming

The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.

Chrome Zero-Day Under Active Attack: Patch ASAP

Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.

TA2541: APT Has Been Shooting RATs at Aviation for Years

Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files.

BlackByte Tackles the SF 49ers & US Critical Infrastructure

35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.

Critical MQTT-Related Bugs Open Industrial Networks […]

“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to plant backdoors and raid nodes for credentials.

Windows Container Malware Targets Kubernetes Clusters

Cox Media Group tv, radio station streams affected by a reported ransomware attack.

Cyberattack Suspected in Cox TV and Radio Outages

Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.

Supreme Court Limits Scope of […]

The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT.

REvil Ransomware Gang Spill Details on US Attacks

Unprotected server exposes AMT Games user data containing user emails and purchase information.

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website.

Google PPC Ads Used to Deliver Infostealers

REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

Exchange Servers Targeted by […]

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape.

Then and Now: Securing Privileged Access […]

In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.

Podcast: The State of Ransomware

In this Threatpost podcast, Forcepoint’s SASE and Zero Trust director describes how the pandemic jump-started SASE adoption.

Effective Adoption of SASE in 2021