
Apache has now released a new security patch to address the second bug.

As the Internet faces one of the most serious vulnerabilities in recent years, one that puts millions of devices at risk of being hacked, attackers are now making thousands of attempts to exploit a second vulnerability involving a Java logging system called 'Apache Log4j2'.

The description of the new vulnerability, titled 'CVE-2021-45046', says the fix to address the earlier security bug (CVE-2021-44228) in 'Apache Log4j 2.15.0' was "incomplete in certain non-default configurations".


Hackers have stolen crypto tokens worth $120 million from Blockchain-based decentralised finance (DeFi) platform BadgerDAO. Several crypto wallets were drained before the platform could stop the cyber attack. In a tweet, Badger said it has received reports of unauthorised withdrawals of user funds. "As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible," the company said late on Thursday.

According to the blockchain security and data analytics firm PeckShield, the various tokens stolen in the attack are worth about $120 million, reports The Verge. According to reports, someone inserted a malicious script in the user interface (UI) of their website. Badger has retained data forensics experts Chainalysis to explore the full scale of the incident, and authorities in both the US and Canada have been informed. "Badger is cooperating fully with external investigations as well as proceeding with its own," it said.

DeFi is a collective term for financial products and services that are open, decentralised and accessible to anyone. DeFi products open up financial services to anyone with an internet connection and they are largely owned and maintained by their users. While the attack didn't reveal specific flaws within Blockchain tech itself, it managed to exploit the older "web 2.0" technology that most users need to use to perform transactions, according to reports. (IANS/ MBI)



The US has warned that ransomware hacking groups are now targeting companies involved in "significant, time-sensitive financial events" and people whose private financial information they have gained access to. In its latest advisory to private firms, the Federal Bureau of Investigation (FBI) said that ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.

"Prior to an attack, ransomware actors research publicly available information, such as a victim's stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash," the FBI said in its report. During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands.


By Tharini Ilanchezhian

Poly Network, a cryptocurrency platform, lost a whopping $610 million in this heist. Sources say that it had offered the hackers an amount of $500,000.
