VMware Patches Critical RCE Flaw in vCenter Server
Posted on Wednesday February 24, 2021

The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.

Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks
Posted on Wednesday February 24, 2021

The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining.

Daycare Webcam Service Exposes 12,000 User Accounts
Posted on Tuesday February 23, 2021

NurseryCam suspends service across 40 daycare centers until a security fix is in place.

IBM Squashes Critical Remote Code-Execution Flaw
Posted on Tuesday February 23, 2021

A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.

Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
Posted on Monday February 22, 2021

The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme, though no ransomware was deployed.

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Posted on Friday February 19, 2021

However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Posted on Thursday February 18, 2021

Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.

Stolen Jones Day Law Firm Files Posted on Dark Web
Posted on Wednesday February 17, 2021

Jones Day, which represented Trump, said the breach is part of the Accellion attack from December.

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
Posted on Wednesday February 17, 2021

The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.

Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Posted on Wednesday February 17, 2021

Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups.