Networking solutions provider Zyxel has released patches for a critical-severity vulnerability impacting the firmware of multiple network attached storage (NAS) device models.
Ransomware Attacks Target Government Agencies in Latin America
Several government agencies in Latin America were targeted in ransomware attacks in the past months, and the latest victims are Chile and the Dominican Republic.
Academics Devise Open Source Tool For Hunting Node.js Security Flaws
A group of academic researchers have designed an open source Node.js bug hunting tool that has already identified 180 security vulnerabilities.
Malicious Plugins Found on 25,000 WordPress Websites: Study
Researchers at Georgia Institute of Technology have identified malicious plugins on tens of thousands of WordPress websites.
Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability
Atlassian’s security response team has issued an urgent advisory to warn of a critical command injection flaw in its Bitbucket Server and Data Center product.
The vulnerability carries a CVSS severity score of 9.9 out of 10 and can be exploited remotely to launch code execution attacks, Atlassian said.
New ‘Agenda’ Ransomware Customized for Each Victim
Cybersecurity company Trend Micro is raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa.
Written in the Golang (Go) cross-platform programming language, the threat has the ability to reboot systems in safe mode and to stop server-specific processes and services.
LastPass Says Source Code Stolen in Data Breach
Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
BalkanID Adds $2.3M to Seed Funding Round
BalkanID, a Texas startup building technology in the Identity Governance and Administration (IGA) space, has added $2.3 million to its seed financing round, bringing the total raised to $8.1 million.
Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies
Microsoft this week published technical details on ‘MagicWeb’, a new post-exploitation tool used by Russia-linked cyberespionage group APT29.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
