[ad_1] Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and
[ad_1] Business Email Compromise (BEC) , Cybercrime , Cybercrime as-a-service Tactics Include Subverting Advertising Redirect Services, Hiring English Speakers Mathew J. Schwartz (euroinfosec) • September 1, 2021     A recent phishing email, as displayed to a recipient, uses a modified redirect service URL – appended here to bottom of image – leading to a
[ad_1] Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That’s according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity
[ad_1] Attackers could take full control of millions of IoT devices directly over the Internet. The starting point is a critical security gap in a software development kit (SDK) that is used on countless baby monitors, digital video recorders and IP cameras, among other things. After successful attacks, attackers could eavesdrop on video streams, for
[ad_1] Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. The security flaw discovered by Rapid7 researcher William Vu impacts is yet to receive a CVE ID, and it impacts Fortinet FortiWeb versions 6.3.11 and earlier.
[ad_1] Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for “Application Layer Protocol Confusion –