Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server with versions 2.153 and earlier.
A sophisticated Microsoft Exchange server backdoor gives hackers access to incoming and outgoing email. They would be able to intercept, redirect, and modify emails as well as send messages on behalf of the compromised victims.
The sustained prevalence of brand impersonation in phishing attacks is further demonstrated in a new report which listed the most impersonated brands in the first quarter of 2019.
A new ransomware dubbed MegaCortex has been targeting business networks across the world. The sudden surge in activity was noted by cybersecurity firms and researchers, and further investigation shows how complex this particular ransomware is.
Microsoft is changing their baseline for password-expiration policies in Windows. The proposal is a move from the previous policy that requires users to change their login passwords periodically.
BEC threat actors are expanding from their traditional enterprise victims toward nonprofit and religious organizations, with a recent incident involving a church.
Malicious actors behind the distributed denial of service (DDoS) attacks against Electrum Bitcoin wallet users were seen switching to a new malware loader.