Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108).
New Chrome Browser 0-day Under Active Attack—Update Immediately!
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild.
Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. Since August, emotet increase in malicious cyber actors targeting state and local governments with it's phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies.
Italy CERT Warns of a New Credential Stealing Android Malware
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network.
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools.
Password Security Advisories
Password Security Advisories
A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource. The password should be kept secret from those not allowed access. User names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, automated teller machines (ATMs), etc.
A typical computer user has passwords for many purposes: logging in to accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.
Password Security tips
Don't use personal information such as your name, age, birth date, child's name, nickname, phone number or favorite color/song, etc that can be easily accessed or guessed.
Don't use words that can be found in any dictionary of any language.
Develop a mnemonic for remembering complex passwords.
Use both lowercase and capital letters.
Use a long password made up of numbers, letters and special characters
Make sure you use different passwords for each of your accounts.
Be sure no one watches when you enter your password.
Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
Use comprehensive security software such as your anti-virus and keep it up to date to avoid key loggers (keystroke loggers) and other malware.
Avoid entering passwords on computers you don't control (like computers at an Internet cafe or library)—they may have malware that steals your passwords.
Depending on the sensitivity of the information being protected, you should change your passwords periodically.