05 May 2020

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

Oracle has stated that although it patched the CVE-2020-2883 vulnerability in its April 2020 Critical Patch Update, a proof of concept exploit was published soon after. The company is now advising customers to fast track a patch for the flaw that lies in its WebLogic Server that is still under

Read More
05 May 2020

GoDaddy notifies users of breached hosting accounts

GoDaddy, the world’s largest domain registrar, disclosed that they had been the victims of a cyberattack occurring in October of 2019. The incident was discovered when GoDaddy’s security team was alerted to suspicious activity occurring on a subset of the company’s servers. The company stated that the incident involved unauthorized

Read More
05 May 2020

Nearly 2,000 malicious COVID-19-themed domains created every day

According to a new report fro Palo Alto Networks, more than 1.2 domains recently registered contain keywords relating to the COVID-19 pandemic. Of the 1.2 million domains registered between March 9 to April 26, these 86,600 are considered to have malicious intent. Palo Alto Networks analyzed all new domain names

Read More
04 May 2020

Ransomware mentioned in 1,000+ SEC filings over the past year

According to the US Securities Exchange Commission, an increasing number of companies are identifying ransomware as a forward-looking risk factor in documents filed with the agency. The agency states that in the past year, more than 1,000 documents mentioning ransomware as a risk factor have been filed. Over 700 have

Read More
04 May 2020

Ghost Confirms Hack Attack: 750,000 Users Spooked By Critical Vulnerability

Yesterday, a popular open-source blogging platform with over 2 million installs, Ghost, confirmed that it was hacked. Ghost’s customers include industry giants such as NASA, DuckDuckGo, and Mozilla as well as 750,000 other registered users. Early on the morning of May 3, the site stated on its website that it

Read More
04 May 2020

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

IBM X-Force recently disclosed that malicious actors are spreading the TrickBot trojan through fake messages that are COVID-19 themes. The new campaign capitalizes on public concern and interest in the Department of Labor’s Family and Medical Leave Act (FMLA). IBM X-Force stated that they uncovered the campaign after the analysis

Read More
04 May 2020

Hacker sells 91 million Tokopedia accounts, cracked passwords shared

According to security researchers, a hacker is selling a database that contains the credentials of 91 million Tokopedia accounts on a dark web marketplace for approximately $5,000. Research claim that threat actors have begun to crack the passwords to the popular online store and share them online. Tokopedia is widely

Read More
01 May 2020

Microsoft Sway Abused in Office 365 Phishing Attack

According to an analysis released by Group-IB on Thursday, a threat actor group called PerSwaysion has attacked Microsoft services, compromising at least 150 executives in a targeted phishing campaign. The attacks were effective in gathering the Office 365 credentials of the executives since mid-2019. The campaign’s success was attributed to

Read More
01 May 2020

Hackers say they stole millions of credit cards from Banco BCR

The Banco BCR, the state-owned Bank of Costa Rica, was reportedly hacked and 11 million credit card credentials were allegedly stolen. Hackers claimed to have gained access to the bank’s network in August of 2019, stating that they did not encrypt devices as the possible damage was too high. The

Read More
01 May 2020

DHS CISA to provide DoH and DoT servers for government use

Yesterday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that it plans to run DoH and DoT DNS resolution servers for federal use. However, the agency recommended that other government agencies disable DoH and DoT support on employee browsers until the CISA servers are ready for

Read More