Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. Tracked as CVE-2022-47966, the security defect exists in a third-party dependency (Apache xmlsec, also known as XML Security for Java, version 1.4.1), allowing attackers to execute arbitrary code remotely without ..
Tag : NEWS&INDUSTRY
A sophisticated ad fraud scheme that spoofed over 1,700 applications and 120 publishers peaked at 12 billion ad requests per day before being taken down, bot attack prevention firm Human says. Dubbed VastFlux, the scheme relied on JavaScript code injected into digital ad creatives, which resulted in fake ads being stacked behind one another to ..
Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product. The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed for managing the distribution and use of information ..
The European Union’s digital policy chief warned TikTok’s boss Thursday that the social media app will have to fall in line with tough new rules for online platforms set to take effect later this year. EU Commissioner Thierry Breton held a video call with Shou Zi Chew, the CEO of TikTok, the popular Chinese-owned video ..
Online payments system PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign. “On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials,” the company said in the notification letter sent to the impacted individuals. According to ..
Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands, according to data from Chainalysis. A report published by the blockchain data company on Thursday shows that the cryptocurrency addresses known to have been used by ransomware groups received a total of $457 million ..
A China-linked threat actor was observed exploiting a recently disclosed Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day, months before patches were released, Mandiant reports. The security bug, tracked as CVE-2022-42475 (CVSS score of 9.8), is described as a buffer overflow issue that could be exploited by remote, unauthenticated attackers to execute code ..
A ransomware attack forced the parent company of KFC and Taco Bell to close several hundred restaurants in the United Kingdom this week. A government filing posted Thursday says the attack impacted information technology systems. Yum Brands said the attackers took company data, but that there is no evidence customer data was stolen. Around 300 ..
Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data. The Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can ..
Wireless carrier T-Mobile on Thursday fessed up to another massive data breach affecting approximately 37 million current postpaid and prepaid customer accounts. In a filing with the Security and Exchange Commission (SEC), T-Mobile said that an unidentified malicious actor abused an API without authorization to access customer account data, including name, billing address, email, phone ..