News


Discovered: Criminal hackers with hacking competitions
SophosNews

In a new report, Sophos X-Ops uncovers research competitions that criminal online forums run to drive innovation and overcome security hurdles. These cybercriminal research competitions also award individual prizes of up to $80,000. In its new report, “For the win? Offensive Research Contests on Criminal Forums”, Sophos X-Ops describes hacker research contests conducted by cybercrime forums to drive new attack innovations. The competitions focus on new attack and evasion methods and reflect cybercrime trends such as taking down AV/EDR, cryptocurrency fraud and setting up command-and-control infrastructures. Hacker groups compete to find new…


2021: Record year for zero-day vulnerabilities 

The trade in zero-day vulnerabilities and associated exploits is growing rapidly. Mandiant examined the many exploits and summarized the results in a report. China, Russia and North Korea in particular are the major providers of exploits. Zero-day exploits have become so popular among hackers that they have a market of their own. The exploit industry is financially very profitable for criminals, which is why it is constantly growing. Microsoft, Google's Chrome browser - even the big ones are not protected from criminals finding and exploiting security gaps in their systems that were previously unknown...


Log4j alarm: heat maps show attempted attacks and scans
SophosNews

Sophos is recording scans for Log4j vulnerabilities worldwide, along with the countries from which many exploits come: China and Russia. Two heat maps show the findings. Sean Gallagher, Senior Threat Researcher at Sophos: “Sophos continues to monitor scans for Log4j vulnerabilities. In the past, we've seen large spikes and then sharp drops in such scans and exploit attempts. In the case of Log4j, we didn't see a drop, but rather daily scans and access attempts from a globally distributed infrastructure. We expect this high level of activity to continue as the vulnerability...


Log4j alarm: Mandiant provides tools 

The BSI has issued its highest warning level for the security hole discovered a few days ago in the widely used Java library Log4j. Mandiant provides free tools for creating rules for the systematic search for deserialization exploits. Mandiant released free tools on GitHub today that companies can use to create rules for systematically searching for deserialization exploits and other types of zero-day exploits. This also includes rules for finding the JNDI code injection zero-day that was published for Log4j last week. Rules against deserialization exploits: In a new blog post, Mandiant describes ...


Study: Great danger from old weak points

Trend Micro study: Old vulnerabilities pose great risk. Around a quarter of the exploits traded in the cybercriminal underground are over three years old. Trend Micro, one of the world's leading providers of cybersecurity solutions, has published a new study calling on companies to focus their patching measures on the vulnerabilities that pose the greatest risk to their business, even if they are several years old. 3-year-old exploits remain in demand: Trend Micro Research found that 22 percent of exploits traded on underground forums are more than three years old….


Exchange: New vulnerabilities discovered and closed
G Data News

In mid-April there were again some critical updates for Microsoft Exchange. As with Hafnium, experts strongly advise installing the patches. Unlike with Hafnium, however, the warning came from the American NSA. On patch day in mid-April, Microsoft closed two critical security holes that affect locally installed instances of Exchange 2013, 2016 and 2019. These security vulnerabilities allow arbitrary program code to be executed on an affected system. In contrast to the security vulnerabilities that the Hafnium group used, there are currently no signs, according to Microsoft, that the vulnerabilities are active ...
