SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. […]
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. […]
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. […]
FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers
Law enforcement turns the PlugX malware’s own self-delete mechanism against it, nuking the China-linked trojan from thousands of US machines.
The post FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers appeared first on SecurityWeek.
Label giant Avery says website hacked to steal credit cards
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information. […]
Hackers use Google Search ads to steal Google Ads accounts
Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers’ credentials for the Google Ads platform. […]
Microsoft ends support for Office apps on Windows 10 in October
Microsoft says it will drop support for Office apps in Windows 10 after the operating system reaches its end of support on October 14. […]
Over 660,000 Rsync servers exposed to code execution attacks
Over 660,000 exposed Rsync servers are potentially vulnerable new to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that could lead to remote code execution. […]
DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing
With DORA’s January 2025 compliance deadline approaching, financial institutions must embrace rigorous testing, tailored threat profiles, and continuous vigilance to safeguard against cyber threats.
The post DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing appeared first on SecurityWeek.
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.
“The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jérôme Segura, senior director of
“The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jérôme Segura, senior director of