Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It's a bug that now has a proof-of-concept exploit available in the wild. The exploit was released by Gil Dabah, founder and CEO of Privacy Piiano, who tweeted that he decided not to report the bug two years ago. READ MORE...
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point. Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them. READ MORE...
BlackCat, the latest ransomware threat touted on underground forums, has quickly made inroads into the ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to "affiliates" and aggressively outing victims on a name-and-shame blog. In less than a month, the BlackCat group has purportedly compromised more than a dozen victims and named those victims on its blog, according to recent analysis of the malware by researchers at Palo Alto Networks. READ MORE...
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline. READ MORE...
Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin. Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts. Affecting version 5.0.4 and earlier of the plugin, the security flaw allows any user to perform a local file inclusion attack, regardless of their authentication or authorization level. READ MORE...