A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
Source: Read More (Threatpost)
You might be interested in …
Daily NCSC-FI news followup 2020-02-13
US says it can prove Huawei has backdoor access to mobile-phone networks arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/ “We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” US National Security Adviser Robert O’Brien told the Journal.. The US kept the intelligence highly classified until late […]
[TheRecord] Attackers don’t bother brute-forcing long passwords, Microsoft engineer says
According to data collected by Microsoft’s network of honeypot servers, most brute-force attackers primarily attempt to guess short passwords, with very few attacks targeting credentials that are either long or contain complex characters. “I analysed the credentials entered from over >25 million brute force attacks against SSH. This is around 30 days of data in […]
[ThreatPost] The Top Ransomware Threats Aren’t Who You Think
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. Source: Read More (Threatpost)