Critical 21Nails Exim bugs expose millions of servers to attacks

Newly discovered critical vulnerabilities in the Exim mail transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. The security flaws (10 remotely exploitable and 11 locally) found and reported by the Qualys Research Team are collectively known as 21Nails. All …

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is unflattering. In a …

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs, likely linked to China, to attack U.S. defense targets among others. Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. …

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn't always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check …

Babuk Ransomware Gang Mulls Retirement

The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they’ll be open-sourcing their data encryption malware for other crooks to use. Just a few days after hackers bragged about purportedly raiding the computer systems of the Washington D.C. Metropolitan Police Department (MPD) and doxxing what looked like its data, …