The FBI has warned that online shoppers are at risk of losing more than $53 million this year to holiday scams that promise fake bargains and hard-to-find gifts.
Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to steal data. It hides in the Linux calendar sub-system as a task that has a nonexistent date viz. February 31. Organizations are suggested to invest more in data protection solutions to secure sensitive information.
A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and stealing their Google and Instagram credentials. The attacks started in July via spear-phishing emails that targeted Windows users with Winword attachments. Exports recommend organizations implement a robust patch program and deploy reliable anti-malware solutions.
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.
D-Link DSL-3782 pre-authentication remote root exploit.
Backdoor.Win32.Coredoor.10.a malware suffers from a man-in-the-middle vulnerability.
Email-Worm.Win32.Deltad malware suffers from an insecure permissions vulnerability.
Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM) said "Google and Apple did not provide clear and immediate information on the
