Introducing Wasmcov: Code Coverage Tool for Wasm Projects
We’re proud to introduce Wasmcov, a specialized code coverage tool tailored for Wasm environments.
Contents
hide
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
This week researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers.
The set of seven flaws consist of buffer overflow issues and weaknesses, allowing for DNS cache-poisoning attacks (also known as DNS spoofing). If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.
Dnsmasq is installed on many homes and commercial routers and servers in many organisations.
Google Searches Expose Stolen Corporate Credentials
Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found.
The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scan to lure victims into clicking on malicious HTML attachments.
While this is and of itself is not atypical of phishing campaigns, attackers made a βsimple mistake in their attack chainβ that left the credentials theyβd stolen exposed to the βpublic Internet, across dozens of drop-zone servers used by the attackers,β researchers said.
Windows RDP servers are being abused to amplify DDoS attacks
According to Shodan, there are five millions of RDP servers all over the world available for hackers to use exploit.
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.
Hackers are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks. Not every RDP server can be abused, only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.
Ransomware is now the biggest cybersecurity concern for CISOs
Ransomware is the most significant cybersecurity concern facing businesses, according to those responsible for keeping organisations protected from cyberattacks and hacking.
A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity company discovered that ransomware is now viewed as the primary cybersecurity threat to their organisation over the next year.
46% β of CSOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cybersecurity threat.
Malwarebytes said it was hacked by the same group who breached SolarWinds
We continue the heading of the hack chain of companies that are engaged in cybersecurity. This week Malwarebytes becomes the fourth major security firm targeted by criminals after FireEye, Microsoft, CrowdStrike.
Malwarebytes was hacked by the same group which breached IT software company SolarWinds last year.
Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since it doesnβt use any of SolarWinds software in its internal network.
The security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.
