Microsoft Sway Abused in Office 365 Phishing Attack
The “PerSwaysion” attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.
Salt Bugs Allow Full RCE as Root on Cloud Servers
Researchers say the bugs are easy to exploit and will likely be weaponized within a day.
Building for Billions: Addressing Security Concerns for Platforms at Scale
Lessons from Facebook and Google show how to safely scale your environment for security.
New Android Malware Targets PayPal, CapitalOne App Users
Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the “next big mobile malware.”
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They…
Enforce Primary Key constraints on Replication
In this post, we introduce a configuration option that controls whether replication channels allow the creation of tables without primary keys. This continues our recent work on replication security, where we allowed users to enforce privilege checks, and/or enforce row-based events.…
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.
High-Severity Cisco IOS XE Flaw Threatens SD-WAN Routers
Cisco’s IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw.
Millions of Brute-Force Attacks Hit Remote Desktop Accounts
Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.