Poisoned Library Package Used to Install Crypto Mining and Password Stealing Malware
On 22 October, attackers hijacked the NPM account of the developer of UAParser.js, a library used to detect users’ browser types and operating systems
On 22 October, attackers hijacked the NPM account of the developer of UAParser.js, a library used to detect users’ browser types and operating systems
CloudSEK’s Threat Intelligence team discovered a post, on a cybercrime forum, advertising a scanning tool for the path traversal and file disclosure vulnerability, CVE-2021-41773, in Apache HTTP Server.
A security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook instance, referred to as ChaosDB, that allows a user to gain access to another user’s data.
Jira released an advisory about the newly identified path traversal and read file vulnerability, CVE-2021-26086, in the Jira Software Server. Threat actors could exploit this vulnerability to poison the server logs, thereby causing remote code execution and/ or exfiltration of sensitive files and information.
The vulnerability tracked as CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server. The vulnerability has been exploited in the wild as a zero-day.
CISA recently released an advisory about the active exploitation of a newly identified vulnerability, CVE-2021-40539, in ManageEngine ADSelfService Plus
A post on a cybercrime forum is advertising Slycer Ransomware, a Python-based malware that encrypts files and sends its decryption key to the attacker
Following several attacks targeting the RCE flaw in MSHTML, CloudSEK Threat Intelligence Research team shares the TTPs and IOCs of the attack sequence
Researchers detected the vulnerability CVE-2021-40444 that targets a remote code execution flaw in MSHTML used to render web content inside Office documents
A post on a cybercrime forum, advertising 21 million user records of Microsoft coincides with the corporate giant’s latest advisory on a Cosmos DB vulnerability.
Sign up for our Daily Cyber Brief, and be the first to receive the latest cyber news and threat alerts, from across the world.
CloudSEK is a Digital risk protection Enterprise HQ in Singapore
Product and Modules
About us