Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts
Microsoft is still investigating how a China-linked hacking group managed to acquire an inactive Microsoft account consumer signing key and forged tokens to steal emails from the U.S. State Department. The threat actor also accessed data from about two dozen other organizations. Microsoft has since hardened key issuance systems, revoked all prior keys and issued new keys using updated systems. READ MORE...
AWS Cloud Credential Stealing Campaign Spreads to Azure, Google Cloud
A sophisticated cloud-credential stealing and cryptomining campaign targeting Amazon Web Services (AWS) environments for the past several months has now expanded to Azure and Google Cloud Platform (GCP) as well. And, the tools used in the campaign share considerable overlap with those associated with TeamTNT, a notorious, financially motivated threat actor, researchers have determined. READ MORE...
Police arrests Ukrainian scareware developer after 10-year hunt
The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from 2006 to 2011. This extensive operation led to the infection of hundreds of thousands of computers with malicious software designed to display pop-up messages intended to mislead the users into thinking their computers were infected by malware. READ MORE...
Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks
At least two recently disclosed Adobe ColdFusion vulnerabilities appear to have been exploited in the wild, including a flaw that security experts say has not been completely patched by the software giant. Last week, Adobe informed customers about three critical ColdFusion vulnerabilities. First, on July 11, it announced patches for an improper access control issue that can lead to a security feature bypass, and a deserialization issue that can be exploited for arbitrary code execution. READ MORE...
Act now! In-the-wild Zimbra vulnerability needs a workaround
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an open source webmail application used for messaging and collaboration. The vulnerability, which could impact the confidentiality and integrity of users' data, exists in Zimbra Version 8.8.15. READ MORE...
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. WooCommerce Payments is a very popular WordPress plugin allowing websites to accept credit and debit cards as payment in WooCommerce stores. According to WordPress, the plugin is used on over 600,000 active installations. READ MORE...
- ...in 1921, Marine aviator, astronaut, and US Senator John Glenn is born in Cambridge, OH. He was the first American astronaut to orbit the Earth on the Mercury-Atlas 6 mission.
- ...in 1940, President Franklin Delano Roosevelt is nominated for an unprecedented third term.
- ...in 1968, microprocessor manufacturer Intel is founded in Mountain View, CA.
- ...in 1976, Romanian gymnast Nadia Comaneci becomes the first Olympic competitor to score a perfect 10 in a gymnastics event.
