December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins
Japan says China-linked cyberattacks were systematic attacks with an aim of stealing data on Japanese national security and advanced technology. The post Japan Links Chinese Hacker MirrorFace to Dozens of Cyberattacks Targeting Security and Tech Data appeared first on SecurityWeek.
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…
This is a multi-part interview with the individual known as “Nam3L3ss” who leaked more than 100 databases on a popular hacking forum and will soon be leaking many more. Read the Preface. In Part 1, we talked about his background and what motivated him to do what he does. In Part 2, we talked about…
Infrastructure Problems Blamed; Users Appear to Move to Similar FlowerStorm ServiceAs the end of the year approaches, it’s out with the old and in with the new as researchers report that Rockstar 2FA, which once facilitated prolific phishing-as-a-service hits, has crashed and burned, apparently leading many one-time users to move to rival FlowerStorm.
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with…
Patch Tuesday: Microsoft has rushed out fixes for a trio of already-exploited zero-day vulnerabilities in the Windows Hyper-V platform. The post Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days appeared first on SecurityWeek.