[HackerNews] Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that’s being actively exploited by threat actors to deploy ransomware on vulnerable systems.
CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully

Source: Read More (The Hacker News)

You might be interested in …

[NCSC-FI News] CISA Adds Nine Known Exploited Vulnerabilities to Catalog

CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the […]

Read More

[SecurityWeek] Thousands of Secret Keys Found in Leaked Samsung Source Code

All posts, Security Week

An analysis of the recently leaked Samsung source code revealed that thousands of secret keys have been exposed, including many that could be highly useful to malicious actors. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[HackerNews] Instagram‌ ‌Bug Allowed Anyone to View Private Accounts Without Following Them

All posts, HackerNews

Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. “This bug could have allowed a malicious user to view targeted media on Instagram,” Mayur Fartade said in a Medium post today. “An attacker could have been able to see details of private/archived […]

Read More