[ThreatPost] Zoho Password Manager Flaw Torched by Godzilla Webshell

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and […]

Source: Read More (Threatpost)

You might be interested in …

[SANS ISC] Video: oledump Cheat Sheet, (Sun, Jun 20th)

All posts, Sans-ISC

I did create a SANS cheat sheet for oledump.py. Here is a short video where I go over the cheat sheet and give some simple demos: Didier Stevens Senior handler Microsoft MVP blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: Read More (SANS Internet Storm Center, InfoCON: green)

Read More

[BleepingComputer] Microsoft’s print nightmare continues with malicious driver packages

Microsoft’s print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. […] Source: Read More (BleepingComputer)

Read More

[ZDNet] WhatsApp starts slowly rolling out encrypted backups

All posts, ZDNet

Users will need the latest version of WhatsApp to take advantage of the new functionality. Source: Read More (Latest topics for ZDNet in Security)

Read More