February 2024 Patch Tuesday: Microsoft Patches 73 Flaws; 2 0Days
Feb 14

Microsoft has released patches to fix 73 flaws across its product suite on February 2024 Patch Tuesday, including 2 zero-day bugs that are being actively exploited in the wild. 5 of the vulnerabilities are rated critical, 65 are rated important, and three are rated moderate severity. Microsoft releases patches for its Chromium-based Edge browser separately and has issued 24 patches to fix vulnerabilities since January 2024 Patch...

Critical FortiOS SSL VPN Vulnerability Likely Being Exploited in Attacks
Feb 09

Fortinet has disclosed a new critical flaw in the FortiOS SSL VPN which is most likely already being exploited in the wild. The out-of-bounds write vulnerability – CVE-2024-21762 – in FortiOS can be exploited to execute arbitrary commands and code via specially crafted HTTPS requests and has a CVSS score of 9.6. The vulnerability is not present in FortiOS 7.6, but does affect the following versions: Version Affected Mitigations...

PRC Hackers Inside U.S. Critical Infrastructure Systems in Preparation for Devastating Cyberattacks
Feb 08

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued an alert to all Federal agencies confirming that the People’s Republic of China (PRC) state-sponsored hacking actor Volt Typhoon has compromised multiple critical infrastructure providers in the United States and U.S. territories such as Guam. Other Chinese hacking groups also...

Ivanti Connect Secure and Policy Secure Vulnerability Under Mass Exploitation
Feb 06

A zero day vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure that was disclosed by Ivanti on January 31, 2023, is now under mass exploitation by multiple threat actors. The vulnerability is tracked as CVE-2024-21893 and is a server-side request forgery (SSRF) flaw that allows remote attackers to bypass authentication and access restricted resources on vulnerable devices. The vulnerability affects versions 9.x and...

AnyDesk Confirms Cyberattack and Breach of Production Environment
Feb 05

AnyDesk, one of the most popular remote desktop software providers with more than 170,000 customers globally, has recently confirmed it fell victim to a cyberattack. Hackers gained access to its production environment and stole source code and private code-signing keys. Suspicious activity was detected on their production servers and a security audit was initiated that confirmed the unauthorized access. Assisted by CrowdStrike,...

The Impact of Artificial Intelligence on Cybersecurity and Cyber Attacks
Jan 24

Artificial intelligence (AI) is reshaping the cybersecurity landscape. A recent report from the UK National Cyber Security Centre (NCSC) highlights AI’s potential to significantly enhance cyber threats, especially in ransomware. AI’s adaptive and learning capabilities could lead to more sophisticated and targeted attacks, elevating threats to both national security and personal data privacy. Key points of the NCSC report on AI...

ScarCruft Intensifies Cyber Espionage, Targeting Cybersecurity Experts
Jan 23

In the constantly evolving cyber threat landscape, the North Korean APT group “ScarCruft” has emerged as a formidable adversary. The recent SentinelOne report unveils the sophisticated tactics and strategic targeting employed by ScarCruft, particularly its focus on cybersecurity professionals. What’s ScarCruft? ScarCruft, also known as APT37 or Reaper, is a North Korean state-sponsored cyber espionage group. They are...

Inferno Drainer: An $80 million crypto heist and the rising threat of crypto-drainers
Jan 19

The digital finance sector has witnessed a significant breach in 2023 with the advent of the Inferno Drainer campaign. Over the past year, this sophisticated phishing operation has illicitly acquired over $80 million in cryptocurrency, impacting 137,000 victims globally. By expertly imitating more than 100 cryptocurrency brands, the authors of Inferno Drainer have set a new precedent in the realm of digital financial fraud. Analyzing...

Mass Exploitation of Ivanti VPN and NAC Zero-Day Vulnerabilities Detected
Jan 16

On January 10, 2024, Ivanti disclosed two zero day vulnerabilities in Ivanti Connect Secure VPN and Policy Secure NAC appliances that have been actively exploited since December. The vulnerabilities were identified by security researchers at Volexity. According to the researchers, the vulnerabilities were exploited to deliver custom malware tools for espionage purposes. At the time, Ivanti said only a small number of customers had...

Ivanti Patches 13 Critical Avalanche Mobile Device Management Vulnerabilities
Dec 21

Ivanti has released 22 patches to fix vulnerabilities in the Avalanche mobile device management solution, 13 of which are rated critical. Ivanti Avalanche is an enterprise MDM solution that can be used to manage more than 100,000 mobile devices, including tablets and warehouse scanners to keep them secured, available, and accessible. This week, Ivanti released Avalanche version 6.4.2 which addresses 22 flaws and hardens security. The...

Google Patches Actively Exploited Zero-Day Bug in Chrome
Dec 21

A high-severity zero day vulnerability in the Google Chrome browser is being actively exploited in the wild. The vulnerability is tracked as CVE-2023-7024 and is a heap buffer overflow in the WebRTC framework. The open source WebRTC framework is used by many web browsers to give them real-time communication capabilities. The vulnerability was identified by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group...

Microsoft Patches 34 Vulnerabilities and One 0Day on December Patch Tuesday
Dec 13

December 2023 Patch Tuesday was light on fixes for vulnerabilities, with patches released for just 34 CVEs, including one zero-day vulnerability. The 34 vulnerabilities include four critical flaws, with the remainder rated important. These are in addition to several patches to fix flaws in Microsoft Edge that have been issued since November Patch Tuesday. The zero-day vulnerability was publicly disclosed in August 2023. The...

Max Severity OwnCloud Flaw Actively Exploited in the Wild
Nov 28

A critical vulnerability in OwnCloud, a popular open-source self-hosted file synchronization and sharing solution, has started to be exploited by cyber actors. The vulnerability affects the Graphapi app, which relies on a third-party GetPhpinfo.php library that provides a URL. When the URL is accessed, it reveals the configuration of the PHP environment, which includes all of the environment variables of the webserver. In a...

Microsoft Patches 5 Zero-Days on November 2023 Patch Tuesday
Nov 15

On November 2023 Patch Tuesday, Microsoft released patches to fix 63 vulnerabilities across its product suite, including 5 zero-day flaws, 3 of which are known to be actively exploited in the wild. Only 3 of the vulnerabilities have been rated critical, with 56 rated important, and four rated moderate severity. Microsoft has also released patches to fix 35 vulnerabilities in the Microsoft Edge browser since October 2023 Patch Tuesday....

Feds Warn of Potential Rebrand of Royal Ransomware Group
Nov 14

A joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) that includes updated information on the tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IoCs) associated with the Royal ransomware group. Royal ransomware has been active since at least September 2022, and over the past 14 months is known to have...

Critical Atlassian Confluence Data Center and Server Vulnerability Exploited by Ransomware Gangs
Nov 07

On October 31, 2023, Atlassian issued a security advisory about a critical vulnerability that affected all versions of Confluence Data Center and Server. The improper authorization vulnerability is tracked as CVE-2023-22518 and was assigned a CVSS severity score of 9.1 out of 10. Successful exploitation of the vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account....


Four Zero-Day MS Exchange Flaws Identified that Allow RCE and Data Theft

Four zero-day vulnerabilities have been identified in Microsoft Exchange that can lead to the disclosure of sensitive information and even remote code execution. The flaws were discovered by security researchers at Trend Micro’s Zero Day Initiative (ZDI) and were reported to Microsoft on September 7th and September 8th, 2023. Despite knowing about the flaws for two months, patches have yet to be released to fix the flaws, as Microsoft...

25 LastPass Users Had $4.4 Million in Crypto Stolen on October 25
Oct 31

Cryptocurrency totaling $4.4 million was stolen from 25 individuals on October 25, 2023, who all had one thing in common – they were users of the LastPass password manager. LastPass suffered two data breaches in 2022, in which the hackers obtained source code and customer data. Password vaults were stolen that contained encrypted and plaintext information of more than 25 million users. At the time, LastPass CEO, Karim Toubba,...

1Password Says Okta Environment Compromised Using Stolen Session Cookie
Oct 25

The password manager provider 1Password has announced it has been affected by the recent data breach at the San Francisco-based identity and access management company Okta. Okta was contacted by its client, BeyondTrust, on October 2, 2023, after its security team identified suspicious activity that it believed may have stemmed from a data breach at Okta. On October 11, 2023, Okta confirmed that an unauthorized individual had gained...

Cisco Warns of Actively Exploited Zero-Day IOS XE Vulnerability
Oct 17

Cisco has issued a security alert about an actively exploited critical zero-day vulnerability in its IOS XE software and is urging all customers to take immediate action to prevent exploitation of the flaw. The vulnerability is tracked as CVE-2023-20198 and has a maximum CVSS severity score of 10. According to Cisco, the privilege escalation vulnerability resides in the Web User Interface of Cisco IOS XE software when exposed to the...

Vulnerability in HTTP/2 Protocol Exploited in Record-Breaking DDoS Attacks
Oct 11

A zero-day vulnerability in the HTTP/2 protocol is being actively exploited by threat actors to launch massive DDoS attacks. Google, Cloudflare and Amazon Web Services (AWS) have all reported attacks exploiting the vulnerability and have recently issued security advisories. The DDoS attacks are the largest ever seen, with Google reporting an attack that peaked at 398 million requests per second (rps), which smashed the previous record...

October 2023 Patch Tuesday: 103 Flaws Fixed, including 3 Actively Exploited 0Days
Oct 10

Microsoft released patches to fix 103 vulnerabilities across its product suite on October 2023 Patch Tuesday, including 3 zero-day vulnerabilities that are being actively exploited in the wild and 12 critical remote code execution flaws. An actively exploited information disclosure vulnerability in WordPad – CVE-2023-36563 – has been fixed. The vulnerability can be exploited to steal NTLM hashes when opening a document in...

LastPass Employees and Customers Targeted in Phishing Campaign
Oct 04

A widespread phishing campaign has been detected that is targeting LastPass employees and customers. The campaign was first detected in mid-September, and a second wave of phishing emails was sent at the end of the month. The aim of the campaign is to obtain LastPass credentials. If the credentials are obtained, the attackers will have access to users’ password vaults. LastPass offers users multifactor authentication; however, this...

ZenRAT Password Stealer Masquerades as Bitwarden Password Manager Installer
Oct 04

Password managers can greatly improve security and are one of the measures currently being promoted during Cybersecurity Awareness Month; however, care must be taken when installing password managers. Just like any software solution downloaded from the Internet, it is important to verify the authenticity of the website and installer. Cybercriminals may impersonate password manager providers to deliver malware. Password managers are...

Four Behaviors to Focus on During Cybersecurity Awareness Month
Oct 02

October is Cybersecurity Awareness Month – a month dedicated to raising awareness of the importance of cybersecurity and sharing some of the easy steps that everyone can take to improve privacy and security. Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is encouraging all Americans to stop and think before taking any action, whether online or in response to unsolicited text messages,...

Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities
Sep 22

Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A vulnerability – CVE-2023-41991 – in the Apple security framework could be exploited to allow a malicious app to bypass signature validation. A vulnerability has been identified in the WebKit browser engine – CVE-2023-41993 – that could be exploited via a...

Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability
Sep 13

Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow issue in the WebP code library. This type of vulnerability results in more data being written to a memory buffer than the buffer is able to hold, which can result in an application crashing or code execution. While Google has confirmed that there is an exploit...

Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday
Sep 13

September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are rated critical, 55 are rated important, 1 is rated moderate, and the severity of 5 is unknown. The actively exploited vulnerabilities are: CVE-2023-36802 – Microsoft Streaming Service Proxy elevation of privilege vulnerability that allows attackers to gain...

Apache RocketMQ Vulnerability Actively Exploited by Multiple Threat Actors
Sep 11

A critical vulnerability in the Apache RocketMQ distributed messaging and streaming platform is being exploited by multiple threat actors. The vulnerability is tracked as CVE-2023-33246 and affects RocketMQ versions 5.1.0 and earlier. The command injection vulnerability can be exploited without authentication and has a CVSS v3.1 severity score of 9.8. The vulnerability can be exploited by using the update configuration function to...

HijackLoader Malware Loader Proving Popular with Cybercriminals
Sep 11

Security researchers at Zscaler ThreatLabz have identified a new malware loader called HijackLoader which is proving popular within the cybercriminal community. The malware is being used to infect devices with several different malware payloads, including DanaBot, SystemBC, and the RedLine Stealer. The Zscaler ThreatLabz team has yet to establish which initial access vectors are used to distribute the malware. HijackLoader is a...

QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
Sep 04

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...

WinRAR Vulnerability Can Be Exploited to Achieve RCE
Aug 22

A high-severity WinRAR vulnerability has been identified that can be exploited to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 and has a CVSS severity score of 7.8 out of 10 since user interaction is required for the vulnerability to be exploited. The vulnerability is due to improper validation of user-supplied data, which can cause memory access beyond the end of an allocated...

Critical Ivanti Sentry Vulnerability Under Active Exploitation
Aug 22

A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked as CVE-2023-38035. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10 and affects version 9.18 and earlier versions. The endpoint management product is used to manage, encrypt, and secure traffic between mobile devices and back-end enterprise...

Microsoft Fixes 70+ Flaws and 2 Actively Exploited 0Day Bugs
Aug 09

August 2023 Patch Tuesday has seen Microsoft release patches for more than 70 vulnerabilities, including two zero-day bugs that are being actively exploited in the wild. These vulnerabilities are in addition to the vulnerabilities in Microsoft Edge (Chromium) that were patched earlier this month. The latest patches include fixes for 6 critical flaws, 68 important flaws, and one rated moderate. Both of the zero-day bugs are being...

Patch Released for Another Critical Flaw in PaperCut MF/NG
Aug 07

Another zero-day vulnerability has been identified in PaperCut MF/NG print management software. The vulnerability is tracked as CVE-2023-39143 and has been rated critical with a CVSS v3.1 base score of 9.8/10. Successful exploitation of the flaw would allow an unauthenticated attacker to read/write arbitrary files, and depending on the configuration, achieve remote code execution. Most configurations have this setting enabled and are...

Five Eyes Cybersecurity Agencies Reveal Top Vulnerabilities Exploited in 2022
Aug 04

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their international cybersecurity partners in Australia, Canada, New Zealand, and the United Kingdom have issued a joint cybersecurity advisory about the top Common Vulnerabilities and Exposures (CVEs) that were exploited by malicious actors in 2022. One takeaway from the list is that while recently...

Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams
Aug 03

The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams to gain persistent access to Microsoft 365 environments. The United States and the United Kingdom believe Midnight Blizzard to be part of the Foreign Intelligence Service of the Russian Federation (SVR). The threat actor seeks persistent access to networks...

High Severity Vulnerabilities Identified in Ninja Forms WordPress Plugin
Jul 28

Three high-severity vulnerabilities have been identified in a popular form builder plugin for WordPress – Ninja Forms – with over 900,000 active installations. The vulnerabilities were identified by researchers at Patchstack who disclosed the vulnerabilities to the plugin developer – Saturday Drive – on June 22, 2023. Saturday Drive released an updated version of the plugin – v3.6.26 – on July 4, 2023, which...


Patch Released for Actively Exploited Flaw in Citrix/NetScaler ADC and Gateway

Patches have been released to fix three vulnerabilities in NetScaler Application Delivery Controller (ADC) and Gateway (Citrix ADC and Citrix Gateway), including one critical vulnerability that is being actively exploited in the wild. The actively exploited vulnerability is tracked as CVE-2023-3519 and has a CVSS v3.1 severity score of 9.8/10. The flaw can be exploited remotely by an unauthenticated attacker to execute arbitrary code...

Critical Zimbra Zero-Day Flaw Actively Exploited in Targeted Attacks
Jul 14

Zimbra has urged all users of the Zimbra Collaboration Suite to take immediate action to address a critical vulnerability that is being actively exploited in targeted attacks. Around 200,000 businesses currently use the email and collaboration platform and are at risk until the patch is applied or the recommended mitigations have been implemented. Version 8.8.15 of the Zimbra Collaboration Suite has a vulnerability that impacts the...

Urgent Patching Required to Fix Critical and High-Severity SonicWall GMS/Analytics Flaws
Jul 13

SonicWall has released patches to fix 15 vulnerabilities in its Global Management System (GMS) firewall management and Analytics solutions, including 4 critical and 4 high-severity flaws. The critical flaws could be exploited by a malicious actor to bypass authentication, which would permit access to any information the application is permitted to access, including sensitive data belonging to other users. An attacker could modify,...

Microsoft Addresses 132 Vulnerabilities on July 2023 Patch Tuesday
Jul 11

It’s been a busy month for Microsoft with 132 vulnerabilities addressed on July 2023 Patch Tuesday. This month’s haul includes 9 CVEs that are rated critical, 122 rated important, and 6 zero-day flaws. 37 of the vulnerabilities are remote code execution flaws and 33 are privilege escalation flaws. Microsoft also released a batch of 8 patches to address vulnerabilities in Microsoft Edge late last month but has yet to release any...


TrueBot Malware Campaign Uses Phishing and Netwrix Auditor Exploit for Malware Delivery

Organizations in the United States and Canada are being targeted in a TrueBot malware campaign that uses phishing emails with malicious hyperlinks and a remote code execution vulnerability in Netwrix Auditor for distributing the malware – CVE-2022-31199. TrueBot malware is known to be used by the FIN11 threat group for gaining initial access to victims’ networks. Once a foothold has been established through the installation of...

Meduza Stealer Malware Targets Password Managers and Crypto Wallets
Jul 04

Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being offered for a 1-month, 3-month, or lifetime plan, has comprehensive capabilities and is under active development. The malware targets Windows systems and is capable of stealing a wide range of data, including system information, login credentials, browsing histories, cookies, and...

Critical FortiNAC RCE Vulnerability Patched by Fortinet
Jun 27

A critical vulnerability in FortiNAC network access control solutions has been patched by Fortinet. Successful exploitation of the flaw would allow an attacker to remotely execute arbitrary code. The vulnerability is tracked as CVE-2023-33299 and has a CVSS severity score of 9.6/10. Fortinet’s FortiNAC is a zero-trust access solution that is used to view devices and users on the network, giving admins granular control over network...

CISA Warns Critical Zyxel NAS Vulnerability is Being Actively Exploited
Jun 27

A critical vulnerability in Zyxel network-attached storage (NAS) devices is being exploited in attacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is tracked as CVE-2023-27992 and affects Zyxel NAS326, NAS540, and NAS542 devices running firmware version 5.21 and earlier versions. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10. Successful exploitation of...

NSA Publishes BlackLotus Mitigation Guide
Jun 26

The U.S. National Security Agency (NSA) has published a mitigation guide for BlackLotus malware. BlackLotus is a UEFI bootkit that is planted in the firmware of an infected device. Bootkits load at the initial stage of the boot process, before operating systems are loaded, and are not typically identified by security solutions. Further, the developer claims that security software cannot detect and kill the bootkit since it runs under...


BlackCat Ransomware Group Threatens to Leak Data Stolen in Reddit Cyberattack

The BlackCat ransomware group, aka ALPHV, claims it stole 80GB of data in a Reddit cyberattack in February 2023, and is now threatening to leak the stolen data if Reddit doesn’t pay up. The attack in question, according to a February 9, 2023, announcement by Reddit, started with a phishing attempt on an employee that allowed the group to steal credentials that provided access to sensitive data. Reddit said the stolen data includes...

Progress Software Urges Immediate Patching of New MOVEit Transfer Vulnerability
Jun 16

Progress Software has issued a security advisory about another zero-day bug in its MOVEit Transfer file transfer solution that requires immediate mitigation. The flaw can be exploited to escalate privileges and potentially allow access to customers’ environments. Progress Software released a patch to fix the vulnerability, tracked as CVE-2023-35708, on June 15, 2023; however, patches for two previous zero-day vulnerabilities should be...

June 2023 Patch Tuesday: Microsoft Patches 78 Flaws; 6 Critical
Jun 13

Microsoft has fixed 78 vulnerabilities on June 2023 Patch Tuesday bringing the month’s total up to 94 including the 16 vulnerabilities in Chromium-based browsers that were patched on June 2, 2023. None of this month’s patches address vulnerabilities that are currently being exploited in the wild nor are any fixes included for zero-day bugs. This month’s updates address 6 flaws that have been rated critical and 70 vulnerabilities that...


Patch Released for Critical Fortinet FortiGate SSL-VPN RCE Vulnerability

Fortinet has released a patch to fix a critical remote code execution vulnerability in its FortiGate SSL-VPN devices. The vulnerability can be exploited pre-authentication, allowing a remote attacker to interfere with the VPN. The flaw can be exploited even if multi-factor authentication is activated, according to the French cybersecurity firm, Olympe Cyberdefense. If the remote web interface is exposed and the firmware is not updated...

Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
Jun 08

The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, and Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...


Security Agencies Issue Warning About North Korean Spear Phishing Campaigns

Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka APT43, Thallium, and Velvet Chollima), which has been targeting individuals in research centers, think tanks, academic institutions, and news media organizations in spear phishing campaigns, often posing as journalists, academics, and other individuals with credible...

Barracuda Email Security Gateway Flaw Exploited in Limited Attacks
May 25

A zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliances has been targeted by hackers, resulting in some customers’ appliances being compromised. The vulnerability was identified by Barracuda on May 19, 2023, and patches were rapidly developed to fix the issue, which were released on May 20 and May 21. Barracuda said the vulnerability was only exploited on a subset of ESG appliances, and not all users have...

KeePass Vulnerability Allows Master Passwords to be Obtained from the Memory
May 23

A vulnerability has been identified in the KeePass password management solution that allows an attacker to recover the cleartext master password from memory if the password is typed in using the keyboard. The password cannot be obtained if it is copied from the clipboard. The vulnerability has been assigned the Common Vulnerabilities and Exposures identifier CVE-2023-32784. KeePass has yet to issue a patch to address the flaw but is expected...

New Ransomware Actor Targeting Critical Infrastructure Firms
May17

A new ransomware gang has emerged that has been conducting attacks on critical infrastructure organizations in the United States and South Korea. RA Group has been operating since late April 2023 and uses a new ransomware based on Babuk ransomware source code that was leaked on a Russian hacking forum in 2021. The attacks conducted by the group used an executable file that was named after the victim, and each of the attacks involved a...
4 Out of 10 Medical Devices Have Unpatched Critical Vulnerabilities
Apr27

A new report from the cybersecurity firm Armis has identified the riskiest connected medical devices used by hospitals in the United States. Connected medical devices are a security weak point, and each year many new vulnerabilities are detected. One of the main problems for healthcare organizations is keeping on top of patching, which can be a challenge for connected medical devices as they are constantly in use. One of the biggest...
Exploit Released for Critical PaperCut Vulnerability: Exploitation Detected
Apr26

An exploit has been released for a critical vulnerability in the widely used print management software PaperCut, which is used by more than 700,000 organizations worldwide and has over 100 million installs. The vulnerability is tracked as CVE-2023-27350 and has a CVSS v3 severity score of 9.8 out of 10. The flaw can be exploited by a remote attacker to bypass authentication on affected installations of PaperCut and execute arbitrary...
Android Privilege Escalation Bug Exploited to Spy on Chinese E-Commerce App Users
Apr17

A high-severity vulnerability in Android devices is being actively exploited to spy on users of a popular Chinese e-commerce app, according to a recent alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is a privilege escalation bug in WorkSource, which affects Android-11, Android-12, Android-12L, Android-13, and Android ID: A-220302519. The flaw is tracked as CVE-2023-20963, has a CVSS v3...
Microsoft Fixes 97 Vulnerabilities Including an Actively Exploited Windows 0Day Bug
Apr12

Microsoft released patches to fix 97 vulnerabilities on April 2023 Patch Tuesday, including a Windows zero-day privilege escalation vulnerability in the Windows Common Log File System (CLFS) driver. Seven of the month’s vulnerabilities have been rated critical, and the remaining 90 have been rated important. 17 flaws were also patched earlier this month for Microsoft Edge and Chromium-based browsers. The zero-day vulnerability is...
Apple Releases Patches for 2 Actively Exploited Zero-Day Flaws
Apr11

Apple has released patches to fix two zero-day vulnerabilities that can be exploited to execute arbitrary code on unpatched iPhones, iPads, and Macs. Apple has received reports that indicate the vulnerabilities are being actively exploited in the wild. The first flaw is tracked as CVE-2023-28206 and is an out-of-bounds write vulnerability in the IOSurfaceAccelerator framework that is due to insufficient input validation. The...
U.S. Companies Warned About BEC Campaign Seeking Bulk Goods Purchases
Mar29

The Federal Bureau of Investigation (FBI) has recently issued a warning to vendors in the United States following an increase in a form of business email compromise attack that attempts to fraudulently obtain high-value goods. Business email compromise (BEC) is one of the most financially damaging forms of cybercrime. According to the FBI, its Internet Crime Complaint Center (IC3) received 21,832 complaints about BEC attacks in 2021,...
Critical IBM Aspera Faspex Vulnerability Being Exploited by Ransomware Gangs
Mar29

Ransomware gangs are targeting a critical vulnerability in the IBM Aspera Faspex application to gain access to enterprise networks. Aspera is a file-exchange application used by enterprises to rapidly transfer large files or large volumes of files. The application is based on IBM’s Fast, Adaptive, and Secure Protocol (FASP), which intelligently uses available network bandwidth to transfer files to shared inboxes, workgroups, or...
Emotet Returns with Campaign Using OneNote Email Attachments
Mar21

After a hiatus of around 3 months, the Emotet botnet sprang back to life and is sending large volumes of malicious emails. Initially, the email campaigns had Word and Excel file attachments and used macros to deliver the Emotet Trojan. The problem with this approach is that Microsoft now disables macros by default in Internet-delivered Office files, which means Office documents and spreadsheets are no longer effective for malware delivery....
March 2023 Patch Tuesday: Microsoft Fixes 83 Flaws, Including 2 Zero-Day Bugs
Mar15

Microsoft released patches to fix 83 vulnerabilities on March 2023 Patch Tuesday, including two actively exploited zero-day flaws, one in Outlook and one in Windows SmartScreen. This month’s round of updates includes patches for 9 critical flaws, 70 important issues, 1 moderate flaw, and three Mariner flaws where the severity is unknown. A further 21 vulnerabilities in Chromium-based browsers were addressed in an update on...
Trezor Confirms Customers Being Targeted in Phishing Campaign
Mar02

Trezor users are being targeted in a multi-channel phishing campaign that attempts to trick them into disclosing their recovery seeds, which will allow their wallets to be stolen. Trezor provides hardware-based wallets for cryptocurrency, which are a more secure way of storing cryptocurrency than software-based wallets; however, that does not mean cryptocurrency cannot be stolen. Users are provided with a 12-24-character seed or...

FBI Says New York Field Office Cyber Intrusion Has Been Contained

Hackers have taken a rather bold step by hacking into a computer system used by the Federal Bureau of Investigation (FBI) New York Field Office. The cyberattack was first reported by CNN on Friday, and the FBI has now reported that the intrusion has been successfully contained and that it was an isolated incident, although the investigation into the scope and overall impact of the intrusion is ongoing. CNN reported that the computer...

HardBit 2.0 Ransomware Actors Request Insurance Details to Tailor Ransom Demands
Feb21

The HardBit ransomware gang has recently updated its ransomware to version 2.0 and has adopted a new tactic when extorting victims – convincing them that it is in their best interests to disclose information about their cyber insurance policy. The operators try to find out how much the insurance company will cover and will set their ransom demand accordingly. The aim is to get the biggest payout possible and ensure the insurance...
Zero-Day GoAnywhere MFT Vulnerability Exploited by Clop Ransomware Gang
Feb14

A zero-day vulnerability in the GoAnywhere MFT secure file transfer tool has allegedly been exploited by the Clop ransomware gang to attack more than 130 organizations. The vulnerability – CVE-2023-0669 – can be remotely exploited to gain access to unpatched GoAnywhere MFT instances that have their admin console exposed to the Internet. Successful exploitation of the flaw will allow arbitrary code to be executed. BleepingComputer says...
Massive Global Ransomware Campaign Hits Thousands of VMware ESXi Servers
Feb06

A massive ransomware campaign exploiting a 2-year-old vulnerability in VMware ESXi servers has seen more than 3,200 servers attacked since Friday. An unknown threat actor is exploiting the flaw to deliver a new ransomware variant dubbed ESXiArgs, named after the .args extension used for encrypted files. The new ransomware uses the Sosemanuk algorithm to encrypt files, which is relatively rare. This algorithm was used by Babuk...
Spate of DDoS Attacks on Hospitals as Hacktivist Group Responds to Increased Support for Ukraine
Feb01

Healthcare providers in the United States and other NATO countries have been warned about the risk of distributed denial of service (DDoS) attacks by the Russian hacktivist group Killnet. More than a dozen hospitals and health systems in the United States have been attacked over the past few days, including Stanford Healthcare, University of Michigan Health, University of Pittsburgh Medical Center, Duke University Hospital, Buena Vista...
QNAP Warns of Critical Vulnerability in its NAS Devices
Jan31

The network-attached storage (NAS) device maker QNAP has warned customers about a critical remote code injection vulnerability affecting devices running QTS or QuTS hero firmware and has urged users to update the firmware immediately to prevent exploitation of the flaw, which has been assigned a CVSS severity score of 9.8/10. The vulnerability, tracked as CVE-2022-27596, can be exploited remotely on Internet-exposed QNAP devices...
Unskilled Cybercriminals Could Use ChatGPT for Phishing Emails and Malware
Jan18

Last month, OpenAI launched an AI-based system called ChatGPT that is capable of answering queries and generating natural language text, which can be used for essays, emails, articles, blog posts, resumes, wedding speeches, poems, song lyrics, and even computer code. Google was so alarmed at the capability of the solution to write web content that it issued a code-red to protect its search business, and there is genuine concern that...
Norton LifeLock Customers Warned that Password Vaults May be At Risk
Jan17

The antivirus software and cybersecurity firm Norton has recently started notifying certain Norton LifeLock customers that a malicious actor has gained access to their Norton accounts and potentially also accessed their password vaults. Users have been advised to change the password for their Norton account and Password Manager immediately. The news comes shortly after one of the world’s most popular password managers – LastPass...
January 2023 Patch Tuesday: Microsoft Fixes Almost 100 Vulnerabilities, 1 Exploited 0Day
Jan10

Patches have been released to fix almost 100 vulnerabilities on January 2023 Patch Tuesday, including one actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability and another zero-day that has been publicly disclosed. In total, 98 vulnerabilities have been fixed, 11 of which are rated critical, 7 of which are remote code execution vulnerabilities and 4 are elevation of privilege...
Zoho: Patch This Critical ManageEngine Vulnerability Now!
Jan05

A critical SQL injection vulnerability has been identified in multiple Zoho ManageEngine products. Zoho is urging all business users of the affected software solutions to patch the vulnerability immediately to prevent exploitation. The patch adds proper validation and escaping of special characters to prevent the vulnerability from being exploited. The vulnerability is tracked as CVE-2022-47523 and affects its Password Manager Pro,...
Hacker Claims to Have Scraped the Data of 400 Million Twitter Users
Dec30

A hacker has recently posted a listing on a popular hacking forum advertising a data set that includes the public and private data of approximately 400 million Twitter users. The data was allegedly obtained by exploiting an API vulnerability in 2021 that has since been patched. The same vulnerability was exploited previously in a 5.4 million record data breach – one which the Irish Data Protection Commission has just started...
Chinese APT Actor Activity Exploiting Critical Flaw in Citrix ADC and Citrix Gateway
Dec20

U.S. federal authorities are urging Citrix ADC and Citrix Gateway users to patch an unauthenticated remote code execution vulnerability that is being actively exploited by Chinese state-sponsored hackers. The vulnerability – tracked as CVE-2022-27518 – is a critical Citrix Application Delivery Controller (ADC) and Gateway authentication bypass vulnerability with a CVSS v3 base score of 9.8 out of 10. An unauthenticated...
Almost 50 Bugs Fixed by Microsoft on December 2022 Patch Tuesday, Including 2 Zero-days
Dec14

December 2022 Patch Tuesday sees Microsoft release patches to fix 49 flaws across its product suite, including fixes for two zero-day flaws, one of which is being actively exploited in the wild. Six of the vulnerabilities are rated critical, 40 are rated important, and 2 are moderate. 13 of the flaws have been rated as “more likely to be exploited”. Patches were also released to fix 24 vulnerabilities in Microsoft Edge earlier this...
TrueBot Malware Infections Spike and Link to Evil Corp is Confirmed
Dec12

Security researchers at Cisco Talos say there has been a marked increase in infections with TrueBot malware and the creation of two botnets, one focused on the United States and the other worldwide, with a particular focus on Mexico and Brazil. TrueBot malware, aka Silence downloader, is linked to the Silence Group, a group that has been active since at least 2016 and is known to conduct high-impact attacks on financial institutions....
Rackspace Confirms Hosted Exchange Outage Caused by a Ransomware Attack
Dec07

The cloud computing company Rackspace has confirmed that its ongoing Hosted Exchange outage was the result of a ransomware attack. The attack was detected on December 2, with the Texas-based company confirming proactive measures were taken to contain the breach by isolating its Hosted Exchange environment, with the investigation confirming this was a ransomware attack. At this early stage of the investigation, it has yet to be...
Warning Issued About Possible Expansion of Destructive Cyberattacks Beyond Ukraine’s Borders
Dec05

A hybrid war is being waged in Ukraine involving conventional military operations and non-military methods such as cyberattacks on critical infrastructure and private companies. While Moscow continues to deny conducting cyberattacks as part of the war efforts, governments in the United States and Europe have attributed the escalating number of cyberattacks on the Ukrainian government and private companies in Ukraine to Russian...
LastPass Suffers Second Hacking Incident – Some Customer Data Compromised
Nov30

In August 2022, hackers gained access to the development environment of LastPass and stole only some of its source code and proprietary technical information. LastPass investigated the breach and confirmed that no customer information was accessed or stolen in the attack, but determined the attackers had access to the development environment for 4 days. Now the world’s most popular password manager has announced that customer data has been...
CISA Releases Updated Version of its Infrastructure Resilience Planning Framework
Nov25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Infrastructure Resilience Planning Framework (IRPF). The IRPF was developed to be used by state, local, tribal and territorial (SLTT) planners to improve the resilience of critical infrastructure services in the face of multiple threats and changes, to ensure services that are vital to the social and economic well-being of the...
Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings
Nov22

A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been observed delivering the Brute Ratel and Cobalt Strike post-exploitation tool kits, and ransomware payloads such as Egregor and Black Basta. When files are downloaded from the Internet from untrusted locations, a Mark of the Web attribute is added to the files that...
FBI, CISA, HHS Issue Warning About Hive Ransomware Attacks
Nov21

A joint security alert has been issued to the healthcare and public health sector (HPH) warning about Hive ransomware attacks. The Hive ransomware gang has been aggressively targeting the HPH sector since at least June 2021. According to the alert, the group has generated more than $100 million in ransom payments and has attacked more than 1,300 companies. Several industry sectors have been targeted by the gang, including Government...
Iranian APT Actor Breached US Government Organization Using Log4Shell Exploit
Nov17

An Iranian Advanced Persistent Threat (APT) actor has exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server of a Federal Civilian Executive Branch (FCEB) organization, according to a recent alert from the Cybersecurity and Infrastructure Security Agency (CISA). CISA and the Federal Bureau of Investigation launched an investigation into suspected APT activity in mid-June 2022. The investigation...
CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management
Nov14

Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance to help organizations improve vulnerability management by implementing an efficient process for assessing and remediating vulnerabilities. Large organizations generally...
Six Actively Exploited Zero Day Vulnerabilities Patched by Microsoft on November Patch Tuesday
Nov09

Microsoft released patches to fix 68 vulnerabilities on November 2022 Patch Tuesday, 11 of which are rated critical with the remainder rated important. This round of patches includes fixes for six zero-day vulnerabilities that are being actively exploited in real-world attacks. Two of the zero-day flaws – CVE-2022-41082 (EoP – important) & CVE-2022-41040 (RCE – critical) – have been dubbed ProxyNotShell and...
MFA Bypassed in Dropbox Phishing Attack Targeting GitHub Credentials
Nov04

Dropbox has announced that it has suffered a phishing-related data breach in which hackers gained access to proprietary code stored in GitHub repositories. The San Francisco-based file hosting service provider said customer accounts were not compromised, but hackers gained access to 130 code repositories on GitHub using credentials stolen from employees after they responded to phishing emails. Dropbox said no user content, passwords,...
U.S. News Websites Delivering Malware Through Compromised Third-Party JavaScript Code
Nov03

A media company that provides video content and advertising on the websites of major news outlets in the United States has been compromised, and its infrastructure is being used to push the SocGholish JavaScript malware framework out to hundreds of newspapers in the United States. According to cybersecurity firm Proofpoint, more than 250 U.S. news outlets have had the malicious code intermittently displayed on their websites. Some of...
OpenSSL Vulnerability Downgraded from Critical to High Severity
Nov01

On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 Heartbleed bug. No information was released at the time about the nature of the flaw, other than it being a critical flaw in OpenSSL versions 3.0-3.0.6, and that a patch was due to be released on November 1 between 13:00 and 17:00 UTC. The OpenSSL Project has now confirmed that two vulnerabilities have...
Apple Fixes Actively Exploited 0Day Vulnerability Affecting iPhones and iPads
Oct26

Apple has released a batch of security updates to fix known vulnerabilities in its iOS operating system, including a fix for a zero-day iOS vulnerability that is being actively exploited in the wild in attacks on iPhones and iPads. The zero-day vulnerability – tracked as CVE-2022-42827 – is an out-of-bounds write vulnerability in the kernel that affects iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and...
Healthcare Industry Warned About Daixin Team Cybercrime Group
Oct25

A joint security alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) about Daixin Team – a ransomware and data extortion group that predominantly conducts attacks on the healthcare and public health sector (HPH). Daixin Team first started conducting ransomware and data extortion attacks in June 2022. The group...
Threat Actors Advertising Tool for Exploiting Vulnerabilities in Veeam Backup & Replication
Oct25

Several remote code execution vulnerabilities have been identified in the Veeam Backup & Replication application which have been exploited by threat actors, with some threat actors advertising a weaponized tool that will achieve remote code execution by exploiting the flaws. Veeam Backup & Replication is a backup application used for backing up and restoring virtual environments built on VMware vSphere, Nutanix AHV, and...
Study Suggests Risk of Malware Infection from GitHub-Hosted PoC Exploits is Over 10%
Oct24

A recent study, conducted by researchers at Leiden Institute of Advanced Computer Science, suggests the risk of being infected with malware from downloading proof-of-concept (PoC) exploit code from GitHub is more than 10%. GitHub is a popular code-hosting platform that is used by more than 83 million developers worldwide for contributing to the open source community and sharing, tracking, and controlling changes to their code. GitHub...
Zimbra Zero-Day Flaw Exploited to Infect at Least 1,600 Servers with Web Shells
Oct17

Patches have been released by Zimbra to fix an actively exploited flaw affecting Zimbra Collaboration (Zimbra Collaboration Suite). The critical flaw, tracked as CVE-2022-41352, is a remote code execution vulnerability affecting the cpio utility used by the Amavis open source content filter to scan and extract files. If the flaw is successfully exploited, an attacker can use the cpio package to gain incorrect access to any other user...
October Patch Tuesday: 90+ Vulnerabilities Patched, but Not ProxyNotShell Flaws
Oct12

Microsoft released patches to fix 96 vulnerabilities across its suite of products on October 2022 Patch Tuesday, including fixes for two zero-day vulnerabilities, one of which is being actively exploited in the wild. 13 of the patches address critical vulnerabilities, 71 are rated important, 1 is rated moderate, and the severity of 11 of the flaws is unknown. In late September, Microsoft announced that two zero-day vulnerabilities had...
New Callback Phishing Tactics Used to Gain Access to Devices
Oct10

Ransomware gangs have resurrected a callback phishing technique for gaining initial access to networks, where initial contact is made with the victim via email and a telephone number is provided for the victim to call, along with an important reason for making contact. This is usually a pending charge for a fake subscription to a product or service or a free trial that is due to come to an end, resulting in a charge being applied....
FBI Warns of Increase in Pig Butchering Cryptocurrency Investment Scams
Oct04

The Federal Bureau of Investigation (FBI) has issued a warning following a rise in ‘pig butchering’ cryptocurrency investment scams. These scams are usually conducted via social media by scammers who are willing to invest time into building relationships with their victims (pigs). After earning their trust, the scammers convince them to invest in cryptocurrencies via fake cryptocurrency platforms. In contrast to other forms of social...