Oracle WebLogic Server RCE Flaw Under Active Attack
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
Source: Threadpost
Core Windows Utility Can Be Used to Bypass AppLocker
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
Source: Threadpost
Threatpost News Wrap, January 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told...
Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising
Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
Source: Threadpost
2.28M MeetMindful Daters Compromised in Data Breach
The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.
Source: Threadpost
U.S. Intelligence Report Due Next Week on Election Hack
The U.S. intelligence committee is expected to publish an unclassified report on Russia's involvement with influencing the presidential election.
Source: Threadpost
Cisco ASA Bug Now Actively Exploited as PoC Drops
In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.
Source: Threadpost
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
Source: Threadpost
Breach Forces Password Change on Oracle MICROS PoS Customers
Oracle warns its MICROS point-of-sale system customers to change account passwords after malware was discovered on a support site that was infecting users.
Source: Threadpost
GoBotKR Targets Pirate Torrents to Build a DDoS Botnet
The authors have tweaked a known piece of malware to specifically target Korean TV fans.
Source: Threadpost