Major services including Slack, AWS, Hulu, Imgur facing outages
Major services across the internet are currently facing ongoing networking outages. […] Source: leepingcomputer.com
Continue ReadingAuthor: Ax Sharma
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability. […] Source: leepingcomputer.com
Continue ReadingAll Log4j, logback bugs we know so far, and why you MUST ditch 2.15
Everyone’s heard of the critical log4j zero-day by now. Dubbed ‘Log4Shell’ and ‘Logjam,’ the vulnerability has set the internet on fire. Below we summarize the four or more CVEs identified thus far, and pretty good reasons to ditch log4j version 2.15.0 for 2.16.0. […] Source: leepingcomputer.com
Continue ReadingThis image looks very different on Apple devices — see for yourself
This image appears starkly different when viewed in Apple iOS and Mac devices as opposed to others. BleepingComputer explains why. […] Source: leepingcomputer.com
Continue ReadingFirefox users can't reach Microsoft.com — here's what to do
Those using the Mozilla Firefox web browser are left unable to access Microsoft.com domain. Tests by BleepingComputer confirm the issue relates to SSL certificate validation errors. Below we explain what can you do to remedy the issue. […] Source: leepingcomputer.com
Continue ReadingMalicious PyPI packages with over 10,000 downloads taken down
The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages are estimated to have generated over 10,000 downloads and mirrors put together, according to the researchers’ report. […] Source: leepingcomputer.com
Continue ReadingNordic Choice Hotels hit by Conti ransomware, no ransom demand yet
Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group. Although there is no indication of card or payment information being affected, information pertaining to guest bookings was potentially leaked. […] Source: leepingcomputer.com
Continue ReadingAs Twitter removes blue badges for many, phishing targets verified accounts
A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter’s recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error. […] Source: leepingcomputer.com
Continue ReadingUK government transport website caught showing porn
A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan. […] Source: leepingcomputer.com
Continue ReadingNPM fixes private package names leak, serious authorization bug
The largest software registry of Node.js packages, npm, has disclosed fixing multiple security flaws. The first flaw concerns leak of names of private npm packages on the npmjs.com’s “replica” server. Whereas, the second flaw allows attackers to publish new versions of any existing npm package that they do not own or have rights to. […] Source: leepingcomputer.com
Continue Reading