Cybercriminals and nation-state actors adapted to defenders' tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week. (By Robert Lemos, Dark Reading)
Recent research found the extent to which businesses are leaving themselves open to cyber attacks. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks. (By Help Net Security)
A high-severity vulnerability in the UpdraftPlus WordPress plugin can allow an attacker to obtain website backups that could contain sensitive information. (By Ionut Arghire, SecurityWeek)
Researchers have found a new malware campaign exploiting vulnerable Microsoft Exchange Servers. The threat actors deploy the Squirrelwaffle malware loader on vulnerable servers to conduct financial fraud via phishing emails. (By Abeerah Hashim, Latesthackingnews.com)
Carpet bombing Distributed Denial of Service (DDoS) attacks are on the rise, according to new research by a cloud-oriented security services provider. (By Sarah Coble, Infosecurity Magazine)