Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.
The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group (aka Snake, Venomous Bear, Uroburos and WhiteBear) - a Russian-speaking APT. Those attacks are "likely" using a stealthy, "second-chance" backdoor to maintain access to infected devices, they noted.
McAfee Labs has observed a new phishing campaign that uses the macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint file as an attachment. Upon opening the malicious attachment, the VBA macro executes to deliver variants of AgentTesla, which is a well-known password stealer. These spam emails purport to be related to financial transactions.
Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. While one would expect the attack vector exposed by the Circle security flaw (tracked as CVE-2021-40847) to be removed after the service is stopped, the Circle update daemon containing the bug is enabled by default and can be exploited even if the service is disabled.
A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars. Independent security researcher Park Minchan has discovered a vulnerability in macOS that lets threat actors execute commands on your computer. Shortcut files that have the inetloc extension are capable of embedding commands inside. The flaw impacts macOS Big Sur and prior versions.
Cloud computing and virtualization technology giant VMware on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure. "Time is of the essence," VMware said in a note calling attention to CVE-2021-22005, a file upload bug in the vCenter Server Analytics service.
Two ColdFusion vulnerabilities patched by Adobe more than a decade ago have been exploited by threat actors in a recent attack, according to cybersecurity firm Sophos. Sophos recently investigated an attack where an unknown threat actor deployed the Cring ransomware on the systems of an unnamed services company. The attack started with the attacker scanning the web for potential targets and identifying a vulnerable ColdFusion installation on the victim's website.