An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS.
The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that
Top News
-
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities...
-
Sẽ sớm có quy chuẩn về an toàn thông tin mạng cơ bản với camera giám sát
Theo Cục An toàn thông tin (Bộ TT&TT), ngay trong năm nay, ‘Quy chuẩn kỹ thuật quốc gia về yêu cầu an toàn thông tin mạng cơ bản cho...
-
Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code
The widely used team workspace corporate wiki Confluence has been discovered to have a critical remote code execution vulnerability. This...