Attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed denial-of-service (DDoS) attacks, according to a warning from researchers at the AhnLab Security Emergency Response Center. According to AhnLab, attacks targeting MySQL on Windows have increased in frequency with vulnerable MySQL servers infected with ‘Ddostf’, a DDoS-capable botnet of Chinese […]
Certain devices’ SSH connections can be snooped on, allowing attackers to impersonate the equipment and observe users’ login details and activities. The vulnerability is caused by errors in signature generation.
The attackers are targeting healthcare organizations in the U.S. using local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider.
Dolly.com pays ransom, attackers release data anyway Pierluigi Paganini November 10, 2023 On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a […]
The first vulnerability, tracked as CVE-2023-23368, allows remote attackers to execute commands via a network. The second vulnerability, identified as CVE-2023-23369, can also be exploited by remote attackers.
The flaw, known as CVE-2023-46604, allows attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol. The issue affects several versions of Apache ActiveMQ, but patches have been released.
Microsoft’s block on Visual Basic for Applications (VBA) macros has led attackers to experiment with different file types, with XLL files now being used as a means to distribute malware.
Security researchers at eSentire are calling attention to a new method that attackers can use to redirect business professionals to malicious websites. Described as the Wiki-Slack attack, the new technique uses modified Wikipedia pages and relies on a formatting error when the page is rendered in Slack. To mount the attack, a threat actor would […]
ServiceNow has fixed a flaw that allowed unauthenticated attackers to steal sensitive data. The flaw was highlighted by security researcher Aaron Costello, who found that the default configurations of ServiceNow’s widgets exposed personal data.