Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident. The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be a list of Symantec clients — including government agencies. But Symantec is downplaying the data breach, dismissing it as a “minor incident”.
Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers. A widespread campaign is exploiting a vulnerability in the Exim mail transport agent (MTA) to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit. pecifically under attack is a flaw in Exim-based mail servers, which run almost 57 percent of the internet’s email servers. Attackers are exploiting the flaw, discovered last week, to take control of the victim machines, search the internet for other machines to infect, and to initiate a cryptominer infection.
A new large scale cyber attack combines both the regular cybercrime and targeted attack tools to deliver cryptocurrency miners and ransomware. The campaign makes use of sophisticated hacking tools that previously used in targeted attacks. Trend Micro researchers observed that the threat actors using a package of tools from the Equation group known publically as Shadow Brokers and the attack mainly targets the outdated versions of Microsoft Windows OS.
recent study found that only 5.5% of security vulnerabilities discovered by researchers were actually ever used by hackers. Why it matters: That number makes instinctive sense to experts but can seem counterintuitive to anyone outside the field. That’s because all vulnerabilities are not created equal — and in a world with hundreds of bugs released a week, prioritizing the important ones is key to any defense. The big picture: If the 5.5% statistic sounds jarring, you’re not alone. Jay Jacobs, the lead author on the study, says he thought it’d be higher, too.
A critical flaw in the popular note-taking Evernote extension could have allowed attackers to steal personal data – including emails and financial transactions – of millions. Specifically impacted was the Evernote Web Clipper extension for the Chrome browser, which lets users capture full-page article, images, selected text, emails and more. The Evernote extension is extremely popular, putting the personal data of than 4.6 million users at risk, researchers said.