Vulnerability Identified in The Plus Addons for Elementor WordPress Plugin
The Plus Addons for Elementor WordPress plugin has a crucial flaw that could be used to obtain administrator access on a website. The zero-day has been used in the wild, according to the Wordfence...
Microsoft Announced the Open Source Availability of CodeQL Queries
On Thursday, Microsoft revealed the open source availability of CodeQL queries that it used during its SolarWinds attack investigation.
The attackers hacked into the systems of IT management solutions company SolarWinds in 2019 and, using...
ACROS Released a Zero-Day Vulnerability in Microsoft Internet Explorer
Last week, Slovenia-based cybersecurity testing firm ACROS Security announced the publication in Microsoft Internet Explorer (IE) of an unofficial micro-patch for a zero-day vulnerability that North Korean hackers are suspected to have exploited in...
SonicWall Said Internal Systems Were Targeted by “Highly Sophisticated Threat Actors”
Late on Friday, the cybersecurity firm SonicWall said that some of its internal networks were attacked by "highly advanced threat actors" leveraging what seem to be zero-day vulnerabilities impacting some of the goods of...
FireEye Release of an Open Source Tool Designed to Check Microsoft 365
On Tuesday, FireEye Mandiant announced the introduction of an open source platform intended to audit tenants of Microsoft 365 for the use of UNC2452-related techniques, the name currently given by the cybersecurity firm to...
Ransomware Attacks Linked to Chinese Cyber-Espionage Group APT27
It is suspected that the China-linked cyber-espionage organisation APT27 has coordinated recent ransomware attacks, including one where the victim's files were encrypted using a legal Windows tool.
APT27 is known for cyber espionage activities targeting...
Two Laced Ransomware Gems Discovered in the RubyGems Repository
Recently, the RubyGems hosting service removed two Ruby gems that were found to pack malware capable of running persistently on infected machines.
The two gems, pretty-color and ruby-bitcoin, contained Windows machine-targeting malware that was intended...
Threat Actors are Targeting K-12 Educational Institutions in the U.S
Threat actors in the United States are targeting K-12 education institutions to install ransomware, steal information, or interrupt distance learning programs.
In a joint alert this week, the Federal Bureau of Investigation (FBI), the Cybersecurity...
Threat Actors are Targeting an Oracle WebLogic Flaw
Threat Actors are Targeting an Oracle WebLogic Flaw. In an effort to mount a piece of malware called DarkIRC on compromised computers, threat actors are targeting an Oracle WebLogic fault patched last month.
The vulnerability,...
Trend Micro’s Security Researchers Identified a New macOS Backdoor in Attacks
A recent macOS backdoor that they suspect is used by the Vietnamese threat actor OceanLotus has been found by Trend Micro's security researchers.
OceanLotus has been found specifically targeting government and corporate institutions in Southeast...
