Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers.PrismHR is an online payroll, benefits, and human resources platform used by Professional employer organizations (PEO). PEOs use this platform to provide payroll, HR, and benefits servi

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users."Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild," the Google Chrome 89.0.4389.72 announcement reads.Th

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks.These four zero-day vulnerabilities are chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the netw

The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now inc

The Perl.com domain was hijacked in January 2021, but hackers seemingly took control of it four months prior, in September 2020.Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malwa

TPG Capital will combine privileged access management providers into one company.TPG Capital today announced it is purchasing privileged access management (PAM) provider Thycotic and merging it with competitor Centrify, which the firm recently acquired.In a deal worth $1.4 billion, the private equity platform of alternative asset firm TPG said it has signed

Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.Microsoft has released patches for four critical vulnerabilities being used to target on-premises versions of Microsoft Exchange Server in "limited and targeted" attacks. It attributes the activity to a group called Hafnium, whi

The French government’s computer emergency readiness team, that’s part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in targeted attacks against enterprises and organiz

A threat actor stole the identities of recipients of the US Congressional Medal of Honor and used their personal data to purchase goods from American military exchanges. According to a Secret Service search warrant application obtained by The Daily Beast, the identities of a third of the living holders of the US government's highest and most pr

A federal judge in Washington state has dismissed a cyber-squatting claim brought by the Washington Chapter of The Satanic Temple.The United Federation of Churches LLC, doing business as The Satanic Temple, filed a lawsuit against a group of former Temple members who it claimed erased the contents of the Temple's social media accounts and repla

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health ins

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation.Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.Additional costs expectedWhile

​Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program.Starting yesterday, Malaysia Airlines began emailing members of their Enrich rewards program to disclose that they were affected by a data breach.Malaysia Airlines Enrich data breach notificationAccordi

Multiple Vulnerabilities in jpeg-xl===================================CVE: CVE-2021-27804Highest Severity Rating: HighConfirmed Affected Versions: jpeg-xl v0.3.1 and earlierVendor: Joint Photographic Experts Group (JPEG)Vendor URL: https://gitlab.com/wg1/jpeg-xlSummary and Impact------------------jpeg-xl is the reference implementation by the Joint Photograp

Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:https://malvuln.com/advisory/66ef21e8d1cf30dce6e084a9e306c18f.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: Backdoor.Win32.RemoteManipulator.fdoVulnerability: Insecure PermissionsDescription: The backdoor creates an insecure randomly named hidden dirwith a .tmp ext E.g.