From cyware.com
Even a dormant or inactive domain can turn bad and begin pointing to partner program pages, phishing sites, or even malware. This month, Kaspersky published a new study on how adware or malware was lurking behind some of these seemingly benign domains.
Fraudsters have been abusing inactive domains to make money or even infect victims’ devices in targeted malvertising campaigns.
From gbhackers.com
Microsoft patched a critical 17-Year-old vulnerability with Windows DNS Server that can be triggered by an attacker with malicious DNS response.
The Windows DNS Server is an essential part of the Windows Domain environment and runs the DNS queries on Windows Server.
The vulnerability dubbed SIGRed (CVE-2020-1350) is wormable and it receives a CVSS base score 10/10, and it can be triggered by an attacker with malicious DNS response.
From cyware.com
There has been a surge in Internet traffic and DDoS attacks, and over time, the complexity of these attacks has been elevating. Amidst the COVID-19 pandemic, hackers are trying to find new and challenging ways to penetrate the network, as was witnessed by Cloudflare.
From theregister.com
Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised.
A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack.”
Serna said Citrix is investigating the claims but has found “no evidence that the threat actor compromised the Citrix network.”
From bleepingcomputer.com
Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why!
With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products.
From zdnet.com
Video sharing platform TikTok has been fined by a South Korea regulator for mishandling child data.
The Korea Communications Commission (KCC), the country’s telecommunications watchdog, said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data.
The fine is equivalent to 3% of the company’s annual sales in South Korea, an amount designated for such violations under local privacy laws. The investigation began last year in October, the KCC said.
From cyware.com
Excel 4.0 macros, which were introduced by Microsoft in its MS Office products in the early 1990s, gained good popularity among cyber attackers for its effectiveness in targeting potential victims. Recently, new malware was seen using this trick to target its victims.