1 Match 2021 Weekly Newsletter

Immigration documents and COVID-19 lab results were left unprotected

RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.

                                                      VULNERABILITIES

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers.

Google’s cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution

Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx that could leave web applications vulnerable to attack.

                                     MALWARES

Security researchers say the Chinese Flash app is behaving lide adware and opening browser windows to show ads.

Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic part of DDoS attacks.

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers.

                               GENERAL NEWS

Microsoft tapped GitHub's CodeQL to discover whether its source code had been modified in the SolarWinds supply chain attack.

Facebook announced on Wednesday it has banned almost all Myanmar military-controlled state and media accounts from its platforms, Facebook and Instagram.