Apache Struts 2 vulnerability discovered, as proof of concept circulates

A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week by Apache, involves a potential attacker manipulating file upload parameters in what is referred to as a path traversal attack. …

Dashlane ditching master passwords

A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added that it intends to expand the passwordless option …

Ten Years Later, New Clues in the Target Breach

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was …

Lazarus APT attack campaign shows Log4Shell exploitation remains popular

Despite receiving a patch two years ago, the Log4Shell vulnerability remains a popular attack vector even for sophisticated threat actors. An example is a recently documented attack campaign against companies from several industries by the North Korean state-run Lazarus APT group. The Lazarus attackers exploited Log4Shell (CVE-2021-44228) in publicly facing and unpatched VMware Horizon servers …

AI enters production systems even as ‘trust’ emerges as a growing concern

AI has seen massive adoption in the public as well as private sector, with only a small fraction of both segments believing they are at least two years away from successfully leveraging it, according to a new report from Foundry Research. The research, commissioned by Splunk, surveyed senior decision-makers from more than 200 organizations with …

Microsoft cracks down on group operating ‘cybercrime-as-a-service’

Marking a major step in the fight against cybercrime, Microsoft has initiated action against Storm-1152, a group that offers a ‘cybercrime-as-a-service’ network. The company has aggressively pursued legal measures to dismantle Storm-1152’s network, seizing its US-based infrastructure, shutting down key websites, and rigorously investigating to identify the individuals responsible for the group’s activities. “Storm-1152 runs …