Microsoft is still investigating how a China-linked hacking group managed to acquire an inactive Microsoft account consumer signing key and forged tokens to steal emails from the U.S. State Department. The threat actor also accessed data from about two dozen other organizations. Microsoft has since hardened key issuance systems, revoked all prior keys and issued new keys using updated systems.
A sophisticated cloud-credential stealing and cryptomining campaign that has targeted Amazon Web Services (AWS) environments for the past several months has now expanded to Azure and Google Cloud Platform (GCP) as well. The tools used in the campaign also share considerable overlap with those associated with TeamTNT, a notorious, financially motivated threat actor, researchers have determined.
The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation that ran from 2006 to 2011. This extensive operation led to the infection of hundreds of thousands of computers with malicious software designed to display pop-up messages intended to mislead users into thinking their computers were infected by malware.
At least two recently disclosed Adobe ColdFusion vulnerabilities appear to have been exploited in the wild, including a flaw that security experts say has not been completely patched by the software giant. Last week, Adobe informed customers about three critical ColdFusion vulnerabilities. First, on July 11, it announced patches for an improper access control issue that can lead to a security feature bypass, and a deserialization issue that can be exploited for arbitrary code execution.
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an open source webmail application used for messaging and collaboration. The vulnerability, which could impact the confidentiality and integrity of users' data, exists in Zimbra Version 8.8.15.
Hackers are conducting widespread exploitation of a critical vulnerability in the WooCommerce Payments plugin to gain the privileges of any user, including administrators, on vulnerable WordPress installations. WooCommerce Payments is a very popular WordPress plugin that allows websites to accept credit and debit cards as payment in WooCommerce stores. According to WordPress, the plugin is used on over 600,000 active installations.