New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Dubbed SMASH, the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.
CISA Urges Caution for Security Researchers Targeted in Attack Campaign
The Cybersecurity and Infrastructure Security Agency (CISA) is cautioning cybersecurity researchers to keep their guard up amid a wave of attacks targeting this particular group.
Experts see 'unprecedented' increase in hackers targeting electric grid
The leader of EI-ISAC, a key information-sharing group, said Tuesday that organizations involved in the electricity sector had seen an "unprecedented" increase in cyber threats during the COVID-19 pandemic.
Compromised Microsoft Exchange Server Used to Host Cryptominer
Researchers at Sophos have reported that an unknown attacker is attempting to use a compromised Microsoft Exchange Server to deliver a malicious Monero cryptominer onto other vulnerable Microsoft Exchange Servers.
Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks
Last year, a new version of the NAT Slipstreaming vulnerability was disclosed that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.
Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report.
Attackers Found Abusing GitHub Infrastructure to Mine Cryptocurrency
GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such kind of attacks were reported at least since the end of 2020.
Ransomware Declared As a National Security Threat by DHS
In an RSA conference webcast, Alejandro Mayorkas, the U.S. Secretary of Homeland Security, stated that fighting ransomware attacks is now the Department of Homeland Security's number one priority, and a plan to be more proactive is already in place.
US DOJ Warns Against Phishing Attacks Using Vaccine Surveys to Steal Personal Info
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.
Coinhive domain repurposed to warn visitors of hacked sites, routers
After taking over the domains for the notorious Coinhive in-browsing Monero mining service, a researcher is now displaying alerts on hacked websites that are still injecting the mining service's JavaScript.
