Ryuk Ransomware Update Adds Worm-Like Capabilities
Mar 01

A new variant of Ryuk ransomware has been detected with worm-like capabilities that allow it to spread laterally within an infected network with no human interaction. This is a notable change for a ransomware variant that has previously been deployed manually after access to a network has been gained. Previously, once network access was achieved, the threat actors performed reconnaissance and manually moved laterally within a network...

Hackers Actively Scanning for Vulnerable VMware Servers after Publication of PoC Exploit Code
Feb 26

Scans are currently being conducted to identify VMware vCenter servers that have not been patched, following the publication of Proof-of-Concept (PoC) exploits for a vulnerability tracked as CVE-2021-21972. The vulnerability has been assigned a CVSS v3 base score of 9.8 out of 10 and a patch was released on February 23, 2021. The vulnerability is in the vSphere Client (HTML5), which is a plugin of VMware vCenter that is used as a...

Cisco Patches Critical Flaws in its Application Services Engine and ACI Multi-Site Orchestrator
Feb 25

Cisco has released a patch to address a critical flaw in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. The flaw, tracked as CVE-2021-1388, has been given the maximum CVSS severity of 10/10. If exploited, an attacker would be able to remotely bypass authentication on an affected device. The flaw could be exploited by sending a specially crafted request to a vulnerable ACI...

Accellion FTA Extortion Attacks Linked to FIN11 and CL0P Ransomware Gang
Feb 23

In mid-December, threat actors started exploiting zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) product, and over the next few weeks it became apparent that many companies had suffered data breaches. The Accellion FTA was originally launched around 20 years ago to get around the problem of emailing large file attachments. Rather than emailing large files, individuals are sent links to the files hosted on the...

U.S. Department of Justice Indicts 3 Alleged Members of North Korean Lazarus Hacking Group
Feb 19

This week, the U.S. Department of Justice announced that three North Korean intelligence officials have been indicted for their role in a slew of destructive cyberattacks on U.S. and global organizations spanning many years. The cyberattacks allowed the hackers to steal and extort more than $1.3 billion in money and cryptocurrencies from companies and financial institutions around the world. The three individuals are alleged members...

Malvertising Gang Exploited WebKit Zero Day to Redirect Web Visitors to Scam Sites
Feb 17

An unpatched zero-day vulnerability in WebKit-based browsers has been exploited by a threat group to redirect website visitors to scam sites for at least 8 months, according to a new report released by cybersecurity firm Confiant. The threat group behind the attack – ScamClub – has been in operation since at least 2018 and primarily uses malicious adverts (malvertising) to direct Internet users to scam sites, often sites running...

Microsoft: Over 1,000 Hackers Suspected to be Involved in SolarWinds Hack
Feb 16

Microsoft President Brad Smith recently claimed the SolarWinds supply chain attack was “the largest and most sophisticated attack the world has ever seen” and may have involved more than 1,000 Russian operatives. The attack saw the code of the SolarWinds Orion solution updated so that when it was automatically updated a backdoor was inserted into all users’ networks that gave the attackers remote access. Many thousands of IT...

Egregor Ransomware Operation Disrupted and Several Arrests Made
Feb 15

Several suspected members of the Egregor ransomware operation have been arrested in Ukraine, according to the news outlet France Inter. The arrests were made as part of a joint operation between law enforcement in France and Ukraine to disrupt the operation. The suspects arrested in the operation are understood to be affiliates who signed up to hack corporate networks and deploy Egregor ransomware for a cut of the ransom payments that...

Microsoft Fixes 56 Flaws on February 2021 Patch Tuesday Including 1 Zero Day
Feb 10

Compared to previous months, February 2021 Patch Tuesday saw relatively few patches released by Microsoft to correct flaws across its range of products, although several of the vulnerabilities have already been publicly disclosed and one patch has been released to fix an actively exploited zero-day flaw that affects Windows 10 and Windows Server 2019. In total, 56 vulnerabilities have been fixed this month, 11 of which are critical....

Adobe Patches 50 Vulnerabilities Including 1 Actively Exploited Adobe Reader Bug
Feb 10

On February 2021 Patch Tuesday Adobe released patches to correct 50 vulnerabilities across its range of products, including 34 critical severity flaws, one of which is being actively exploited in the wild in limited attacks on Windows users. The actively exploited vulnerability is a heap-based buffer overflow vulnerability in Adobe Reader, tracked as CVE-2021-21017. If the buffer overflow is triggered, an attacker could remotely...

RDP Attacks Increased by 768% in 2020 and Remain a Key Attack Vector
Feb 09

The COVID-19 pandemic forced businesses to move to a largely remote workforce and cybercriminals took advantage by targeting vulnerabilities in Remote Desktop Protocol (RDP). Between Q1 and Q4, 2020, RDP attacks increased by 768%, according to the ESET Q4 2020 Threat Report. RDP attacks slowed in Q4, 2020 as cybercriminals started to favor other methods of attack. The decrease suggests businesses have managed to improve the security...

Hackers Steal Source Code of Stormshield Firewall Products
Feb 08

Stormshield, one of the leading French cybersecurity firms, has announced it has suffered a cyberattack in which the attackers gained access to its support ticket system and stole some of the source code of two of its firewall products. Stormshield provides cybersecurity solutions such as unified threat management (UTM) firewall devices, secure file management solutions, and endpoint protection solutions to French enterprises, European...

Ransomware Attacks Most Commonly Start with Phishing and 70% Involve Data Exfiltration
Feb 04

The Q4, 2020 Quarterly Ransomware Report from Coveware shows there has been a marked decline in the number of companies paying ransoms to recover data stolen in ransomware attacks and prevent the public release of stolen data. The fall is seen as a response to the erosion of trust. There have been several recent attacks where stolen data has been released publicly even when a ransom has been paid. If companies have a viable backup...

Three Vulnerabilities Identified in SolarWinds Products
Feb 03

Patches have been released to fix three vulnerabilities in SolarWinds products. Two of the flaws affect the SolarWinds Orion platform, and the third affects the Serv-U FTP server for Windows. One of the SolarWinds Orion flaws allows remote code execution with admin privileges and could be exploited by a remote attacker to take full control of the Orion platform. The other vulnerability in the platform could only be exploited by a local...

Phishers Target US Businesses in Scam Offering Fake PPP Loans
Feb 02

A phishing campaign has been detected which is targeting U.S. businesses that are struggling to stay in operation during the pandemic. The emails attempt to get business owners to apply for a fake PPP loan and disclose sensitive data. The Paycheck Protection Program (PPP) is part of the U.S. CARES Act, which was launched by the Trump Administration on April 3, 2020 to provide financial assistance to businesses that have been adversely...

TrickBot Returns with a New Malspam Campaign
Feb 01

A botnet that was severely disrupted in late 2020 by a coalition led by Microsoft is now back with a new malspam campaign. The infrastructure used by the operators of the TrickBot botnet was taken down in the run-up to the November 2020 U.S. Presidential election, but it didn’t take long for the infrastructure to be rebuilt. The takedown was successful and caused major disruption to the operation, but since no arrests were made, the...

Europol Announces Takedown of the Emotet Botnet
Jan 27

Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have seized control of its infrastructure. The takedown was planned for two years and involved Europol, Eurojust, the FBI, the Royal Canadian Mounted Police, the UK’s National Crime Agency, and law enforcement agencies in Ukraine, Netherlands, Germany, Lithuania, and...

Interpol Warns of Rise in Investment Scams Targeting Dating App Users
Jan 21

With opportunities for meeting potential partners now limited due to the COVID-19 pandemic and many people isolated due to lockdown measures, use of dating apps has soared. Dating apps have long provided scammers with opportunities for fraud and romance scams are rife. However, there have been increasing numbers of dating app users targeted with a new investment scam in recent weeks, prompting Interpol to issue a Purple Notice about...

FreakOut Malware Campaign Targets Linux Devices
Jan 20

A new malware variant is being used in attacks on Linux devices that sees the devices added to a botnet and used for cryptocurrency mining and distributed-denial-of-service (DDoS) attacks. The new malware, dubbed FreakOut, places an infected device under the control of the botnet operator and uses it for remote attacks on other vulnerable devices. The malware variant was identified by researchers at Check Point who believe it is...

Microsoft Warns Windows Zerologon Patch Enforcement Starts on February 9, 2021
Jan 19

The critical Windows Zerologon vulnerability (CVE-2020-1472) was patched by Microsoft on August Patch Tuesday; however, despite the seriousness of the vulnerability – rated 10/10 for severity – there are still some organizations that have yet to apply the patch. Microsoft has now announced that from February 9, 2021 it will be enabling domain controller enforcement mode by default, which will help to ensure that the threat of...

Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication
Jan 18

In November 2020, hackers gained access to a server used by the European Medicines Agency (EMA), the drug and vaccine regulator in the European Union, and stole data on the Pfizer/BioNTech vaccine candidate. Last week, the EMA announced that the hackers had publicly released the documentation on hacking forums, but a new alert warns that the documentation was manipulated prior to release. The stolen data included information...

Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months
Jan 14

A recent joint CISA, FBI, and HHS cybersecurity alert warned that the healthcare sector was being targeted by threat actors who were deploying ransomware. Attacks are being conducted by several threat actors using a range of different ransomware variants, including Ryuk and Conti. A new report recently published by Check Point shows that since the alert was issued, cyberattacks on the healthcare sector have continued to increase. From...

Microsoft Releases Patch for Actively Exploited Windows Defender Zero Day and 9 Other Critical Flaws
Jan 13

The first Patch Tuesday of 2021 has seen Microsoft release patches to fix 83 vulnerabilities across its range of products, including one zero-day vulnerability in Windows Defender that is being actively exploited in the wild. This month’s round of patches includes fixes for 10 critical and 73 important vulnerabilities in Windows OS, Edge, Office, Visual Studio, .Net Core, .Net Repository, ASP .Net, Azure, Malware Protection Engine and...

Kaspersky Researchers Link Sunburst Backdoor to Kazuar Backdoor Used by Russian Turla APT Group
Jan 11

Researchers at Kaspersky have identified similarities between the backdoor used in the SolarWinds supply chain attack and another backdoor – Kazuar – which is believed to have been used by the Russian Advanced Persistent Threat (APT) group Turla. Turla has been linked to several attacks on foreign governments over the past 14 years. The APT group behind the SolarWinds attack compromised the company’s Orion monitoring solution and used...

FBI Issues Warning About Ongoing Egregor Ransomware Activity
Jan 08

The Federal Bureau of Investigation (FBI) has issued a warning to private sector companies about ongoing Egregor ransomware attacks. Since September 2020, when the ransomware variant was first identified, it has been used in attacks on at least 150 companies worldwide. Egregor is a ransomware-as-a-service offering with many affiliates used to distribute the ransomware. Many of the affiliates moved to Egregor distribution when the Maze...

NVIDIA Software Update Corrects Multiple High Severity Graphics Driver Flaws
Jan 08

NVIDIA has released patches to correct 16 vulnerabilities in its graphics drivers and vGPU software for Windows and Linux systems, most of which are high severity flaws that can be exploited to escalate privileges, tamper with data, obtain sensitive data, or conduct denial of service attacks. NVIDIA’s GPUs are popular with gamers due to being optimized for high-performance gaming. The vulnerabilities are in the drivers and software...

Hardcoded Password Vulnerability in Zyxel Devices Being Actively Exploited
Jan 07

Cybercriminals have started exploiting the hardcoded credential vulnerability (CVE-2020-29583) in Zyxel networking products that was announced by Zyxel on December 23, 2020. The vulnerability, identified by Niels Teusink of the Dutch cybersecurity firm EYE, affects around 100,000 Zyxel devices, including its firewalls, AP controllers and VPN gateways. The flaw was assigned a CVSS V3 score of 7.8 out of 10 (High severity). Teusink...

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan 06

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Hidden Backdoor Identified in Zyxel Firewalls and AP Controllers
Jan 04

A security researcher has identified a hidden backdoor in Zyxel firewalls and AP controllers, caused by the use of hardcoded administrative credentials for an account that was intended to be used to automatically update the firmware on the devices. More than 100,000 Zyxel devices are affected worldwide. The hardcoded credentials mean hackers could perform malicious firmware updates, and could change the firewall settings to...

FinCEN Advises Financial Institutions to be Alert to COVID-19 Vaccine-Related Scams and Cyberattacks
Dec 30

The Financial Crimes Enforcement Network (FinCEN) has issued a warning to financial institutions that ransomware gangs are actively targeting organizations involved in vaccine research. Financial institutions have been advised to be on high alert due to the considerable potential for fraud and criminal activity related to COVID-19 vaccines and their distribution. Nation state threat groups and cybercriminal organizations are taking...

CISA and CrowdStrike Release Free Azure/O365 Analysis Tools to Identify Malicious Activity
Dec 29

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool for detecting unusual and potentially malicious activity in Azure/Office 365 environments. The tool can be downloaded free of charge and used by incident response teams to identify the identity- and authentication-based attacks that have been observed in multiple sectors in the wake of the SolarWinds...

Lazarus Group Targeting COVID-19 Research and Vaccine Data
Dec 28

Kaspersky has confirmed the Lazarus Advanced Persistent Threat (APT) group has conducted two cyberattacks on entities involved in COVID-19 vaccine research. The cyberattacks occurred in the fall of 2020, with the APT group using different tactics, techniques, and procedures (TTPs) in each of the attacks. One attack was performed on October 27, 2020 on a government health ministry using a sophisticated malware known to Kaspersky as...

More Than 3 Million Chrome and Edge Users Have Malware-Infected Browser Extensions
Dec 21

Approximately 3 million users of Google Chrome and Microsoft Edge have been infected with malware that has been hidden in browser extensions, according to a new report from antivirus company Avast. At least 28 JavaScript-based Chrome and Edge extensions for Instagram, Facebook, Vimeo and others have had malicious code added, which is used to steal personal data and redirect users to adverts and phishing websites. The malicious code...

Microsoft and the U.S. Nuclear Agency Confirmed as Victims of SolarWinds Hack
Dec 18

The number of confirmed victims of the SolarWinds hack is growing. Microsoft has confirmed it was hacked, although its software was not apparently compromised. Reuters had reported that after compromising Microsoft, the hackers had modified its software to distribute malicious files to its clients. Microsoft issued a statement claiming the Reuters article was incorrect and while SolarWinds binaries were found in its environment, they...

Contact Form 7 Vulnerability Places 5 Million WordPress Sites at Risk of Takeover
Dec 18

A critical vulnerability has been identified in the popular WordPress plugin, Contact Form 7, which has been installed on approximately 5 million websites. The vulnerability, tracked as CVE-2020-35489, is easy to exploit and can be exploited remotely without the attacker having to authenticate on a vulnerable website. The vulnerability is classed as an unrestricted file upload bug, according to Astra Security Research, which...

Researchers Find More than 45 Million Medical Images Stored on Unprotected Servers
Dec 17

More than 45 million medical images are currently exposed on unprotected servers and can be accessed freely over the internet without usernames or passwords. The medical images include metadata that includes personal and protected health information, which could be used for a variety of nefarious purposes. The unprotected images, which include MRIs, CT scans, and X-Rays were found by researchers at the CyberAngel Analyst Team, who...

SolarWinds Supply Chain Attack Impacts up to 18,000 Customers
Dec 15

Hackers successfully compromised the SolarWinds Orion software solution and incorporated a backdoor dubbed SUNBURST that has been downloaded by up to 18,000 of its customers, including many large enterprises and government agencies. SolarWinds Orion is a software solution used by large enterprises and government agencies to manage their IT networks and IT infrastructure. The software is used by all five branches of the U.S. military,...

K-12 Schools Warned About Cyber Actors Targeting Distance Learning Education
Dec 11

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory to K-12 schools warning that cyber actors are conducting targeted attacks on distance learning education. Cyber actors are attempting to disrupt distance learning services, gain access to sensitive data, and conduct ransomware...

Spear Phishing Campaign Spoofing Microsoft.Com Sees Emails Delivered to Office 365 Inboxes
Dec 10

Researchers at Israeli cybersecurity firm Ironscales have identified a spear phishing campaign targeting Office 365 users that spoofs the Microsoft.com domain. Several thousand Office 365 mailboxes are known to have been targeted, with around 100 customers of Ironscales having been sent the phishing emails. Those customers span several industry sectors including healthcare, insurance, telecom, manufacturing, and financial services....

FireEye Discloses Data Breach and Confirms Theft of Red Team Tools
Dec 09

The U.S. cybersecurity firm FireEye has announced that a sophisticated threat actor successfully hacked into its systems and stole Red Team assessment tools that the company uses to test the security of its customers’ systems. The stolen tools mimic those used by many cyber threat actors to gain access to organizations’ systems. Cyberattacks on cybersecurity companies are relatively rare, but they do occur, with Trend Micro, Avast, and...

Kubernetes Bug Allows Traffic from Other Pods in Multi-Tenant Clusters to be Intercepted
Dec 08

A Kubernetes vulnerability has been identified that could allow an attacker to intercept traffic from other pods in multi-tenant Kubernetes clusters. The vulnerability, discovered by Etienne Champetier of Anevia, can be exploited remotely in a man-in-the-middle attack by an individual with basic tenant permissions, without any user involvement required. If an attacker has permissions to create and update services and pods, they could...

Foreign APT Groups Targeting Think Tanks, Warns CISA/FBI
Dec 03

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about ongoing cyberattacks on think tanks by foreign Advanced Persistent Threat (APT) groups. The purpose of the attacks is to gain persistent access to victim networks for espionage purposes. This is achieved through phishing attacks to gain access to user credentials and by exploiting vulnerabilities in...

BEC Scammers Using Auto-Forwarding Rules in Web-Based Email Clients to Prevent Detection
Dec 02

Cybercriminals have been using auto-forwarding rules in web-based email clients to increase the chances of success of their business email compromise (BEC) scams, according to a recently issued TLP: WHITE Joint Private Industry Notification from the Federal Bureau of Investigation (FBI). Business email compromise scams involve gaining access to a corporate email account and using that account to send emails to other individuals in the...

Cyberbiological Attack Could Fool Scientists into Creating and Using Dangerous DNA
Dec 01

A new, theoretical cyberattack has been described by a team of researchers at Ben-Gurion University (BGU) in Israel that could be used in a devastating biological attack. Every year, commercial DNA synthesizers create billions of nucleotides, which are sold to customers and generate billions of dollars in sales. There is growing concern that a cyberattack could be conducted to interfere with the synthetic DNA orders. Just as in a...

Cyberattacks Increased During the Pandemic as Enterprises Struggled with Security with a Remote Workforce
Nov 30

A recent study conducted by the California-based endpoint security and systems management company Tanium suggests enterprises have struggled with security during the pandemic and have experienced an increase in cyberattacks. Tanium commissioned a Censuswide survey of 1,000 CXOs and vice presidents at enterprise and government organizations in the United States, United Kingdom, France and Germany in June 2020 to explore how they coped...

Egregor Ransomware Vying to Become the Top Ransomware Threat
Nov 27

The Maze ransomware gang may have shut down its operation, but there is now a new ransomware variant that is vying to take its place as one of the biggest ransomware threats. Egregor ransomware first appeared in September 2020, claiming 15 victims in the month, followed by attacks on the US bookseller, Barnes & Noble, and the French and German video game developers, Ubisoft and Crytek. Since then, the number of attacks using...

Patch MobileIron Vulnerability Immediately, Warns NCSC
Nov 25

The UK National Cyber Security Centre (NCSC) has issued an alert that confirms Advanced Persistent Threat (APT) groups and cybercriminals are currently exploiting the MobileIron remote code execution vulnerability, CVE-2020-1550, to compromise the networks of UK companies. Attacks have been conducted on local government, healthcare organizations, and companies in the logistics and legal sectors, and there have been several cases where...

Warning Issued After Discovery of Scores of Spoofed FBI Websites
Nov 24

Scores of domains have been identified which spoof official Federal Bureau of Investigation (FBI) websites, prompting the FBI’s Internet Crime Complaint Center to issue a warning. While the intentions of the individuals who registered the domains are not known, it is strongly suspected that the domains were intended for use in future phishing or malware distribution campaigns. The domains could be used to register email accounts that...

FBI Issues Warning Following Increase in Ragnar Locker Ransomware Activity
Nov 23

A recent increase in Ragnar Locker ransomware activity has prompted the Federal Bureau of Investigation (FBI) to issue a warning to private industry partners. The alert provides information to help system administrators and security professionals protect against attacks. Ragnar Locker is a relatively new ransomware strain, first identified in April 2020. The ransomware variant was used in an attack by unknown threat actors on a large,...

Facebook Fixes Messenger Bug That Allows Audio to be Transmitted Without a User’s Permission
Nov 20

A critical flaw in the Facebook Messenger messaging app for Android which allowed callers to listen to users’ surroundings without permission has been fixed by Facebook. The bug allowed callers to eavesdrop on the person they were calling before the call was answered. In order to exploit the flaw, a caller would need to send a type of message known as SdpUpdate to the person they were calling, which would allow them to connect to the...

Malsmoke Campaign Delivers ZLoader Malware via Popups on High Traffic Adult Websites
Nov 17

A malware distribution campaign identified by security researchers at Malwarebytes is now distributing a ZLoader malware variant via popups on popular adult websites. The campaign – named Malsmoke by Malwarebytes – has been active since at least August 2020. Initially, the threat actors were using exploit kits to deliver the Smoke Loader malware dropper; however, in October they changed tactics and switched to fake Java update...

Use of SSL Certificates in Malware and Phishing Attacks Up 260% in 2020
Nov 11

Abuse of SSL certificates in phishing and malware attacks has increased by 260% in the first 9 months of 2020, according to a new report from Zscaler. Zscaler analyzed more than 6.6 billion threats for the report and found a major rise in the use of encryption to hide attacks. Encryption was being used across the full attack cycle, according to the researchers, including the initial delivery of malware or malicious links to the...

Microsoft Fixes 112 Vulnerabilities Including 17 Critical Flaws
Nov 10

November 2020 Patch Tuesday has seen Microsoft correct 112 vulnerabilities across its range of products, including 17 critical flaws. 93 of the vulnerabilities are rated important and two are rated low severity. This month’s updates see a change to the way Microsoft reports the vulnerabilities, with the descriptions of each no longer included. Instead, Microsoft is relying on the CVSS scores to provide information on the severity of...

RansomEXX Ransomware Now Targets Windows and Linux Servers
Nov09

Kaspersky has announced it has discovered a Linux version of RansomEXX ransomware – aka Defray777. This is one of the first times that a Windows ransomware strain has been adapted to attack Linux systems, with the new variant able to be used in targeted attacks on organizations that have both Windows and Linux systems to cause greater disruption. RansomEXX is a relatively new human-operated ransomware variant which was first detected...

Three Actively Exploited Zero Days in the iOS Operating System Patched by Apple
Nov06

Patches have been released to correct three zero-day vulnerabilities in the iOS operating system that are currently being exploited in the wild. The vulnerabilities affect the following Apple devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod 7th generation. All three vulnerabilities have been corrected in iOS 14.2, along with several other vulnerabilities. A memory corruption issue exists which can be...

October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020
Nov05

New data from HP Inc. shows cyberattacks involving the Emotet Trojan increased by more than 1,200% between Q2, 2020 and Q3, 2020. The data for the company’s October 2020 Threat Insights Report come from HP Sure Click Enterprise, a security solution used on enterprise desktops and laptops that captures malware and allows it to run in a secure container. Data were collected from 1 July to 30 September 2020, with the report proving...

Adobe Update Corrects 14 Vulnerabilities in Acrobat and Reader Including 4 Critical Flaws
Nov04

Adobe has released an out-of-band update to correct several vulnerabilities in Adobe Acrobat and Adobe Reader, just a week before November Patch Tuesday when updates are usually scheduled for release. 14 vulnerabilities have been corrected in the update, including 4 critical vulnerabilities in Acrobat and Reader for both Windows and macOS operating systems. The critical vulnerabilities can be exploited remotely and allow the execution...

Zero-Day Windows Flaw Allowing Sandbox Escape Being Actively Exploited in the Wild
Nov04

Google Project Zero has disclosed a high severity Windows vulnerability that has yet to be patched by Microsoft after the flaw was observed being exploited in the wild by hackers. The Windows driver bug, which allows local privilege escalation and sandbox escape, was announced just 7 days after it was reported. While the Google Project Zero team usually waits until a patch has been made available before disclosing a vulnerability, the...

WordPress 5.5.2 Released: 10 Vulnerabilities Corrected Including 1 High-Severity Flaw
Nov02

Version 5.5.2 of the WordPress content management platform has been released. The latest WordPress version fixes 10 security vulnerabilities, including one high-severity flaw that could be exploited to take over a targeted website. A remote attacker could conduct a narrow denial of service attack, which could then turn into a remote code execution issue. The vulnerability is due to how WordPress manages internal resources within the...

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Maze Ransomware Gang Shuts Down Operations
Oct29

The Maze ransomware gang, which operated one of the most prolific ransomware campaigns over the past 18 months, has shut down. The Maze ransomware operators were the first to utilize a double-extortion tactic involving the theft of data prior to the encryption of files to increase the likelihood of the ransom being paid. While all ransomware operations involve the encryption of files and the payment of a ransom in order to obtain...

Top 25 Vulnerabilities Exploited by Chinese State Sponsored Hackers
Oct22

Chinese state-backed hackers are targeting U.S. organizations for espionage purposes, with access to computer systems usually gained by exploiting unpatched vulnerabilities. Hackers are scanning for unpatched systems and use publicly released or homegrown exploits to gain a foothold in networks with a view to stealing intellectual property and sensitive data. On Tuesday, the U.S. National Security Agency (NSA) published a list of 25...

DOJ Charges 6 GRU Hackers for NotPetya Wiper Attacks
Oct21

The U.S. Department of Justice has indicted six Russian intelligence operatives for the 2017 NotPetya malware attacks and other major hacking operations. All six individuals are believed to be members of Russia’s Main Intelligence Directorate, GRU, and specifically GRU Unit 74455, otherwise known as Sandworm. The hackers are believed to be responsible for the June 27, 2017 destructive NotPetya attacks, which have been estimated...

Ryuk Ransomware Gang Uses Zerologon Exploit to Achieve Domain-Wide Encryption in Just 5 Hours
Oct20

The threat actors behind Ryuk ransomware have started using an exploit for the Zerologon privilege escalation flaw, CVE-2020-1472, which has allowed them to perform ransomware attacks at breakneck speed. The Zerologon vulnerability allows them to compromise a domain controller and all Active Directory identity services. In one successful attack, it took the attackers just two hours from an initial phish to exploit the vulnerability,...

Microsoft Issues Out-of-Band Updates to Correct Two RCE Flaws
Oct19

On Friday, Microsoft issued out-of-band patches to correct two flaws which could potentially lead to remote code execution. The flaws have been rated ‘important’ by Microsoft, although they could potentially be exploited by an attacker to gain full control of a vulnerable system. One of the flaws – tracked as CVE-2020-17023 – affects Microsoft’s Visual Studio Code, a source code editor for Windows, Linux, and macOS. If exploited, an...

Microsoft Patches 11 Critical and 75 Important Flaws on October 2020 Patch Tuesday
Oct13

October 2020 Patch Tuesday has seen Microsoft issue patches to correct 87 flaws across its product range, including 11 Critical flaws and 75 Important vulnerabilities. An advisory has also been issued about a critical vulnerability in Adobe Flash Player. This month’s round of updates includes fixes for six publicly disclosed vulnerabilities. Microsoft is unaware of any cases where the flaws have been exploited and all have been rated...

Coalition of Tech Firms Takedown TrickBot Botnet
Oct13

The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft, ESET, NTT, Black Lotus Labs, Symantec, and FS-ISAC. The takedown is the result of several months of painstaking work involving the analysis of more than 125,000 samples of the TrickBot Trojan by the coalition members, who studied the content and extracted and mapped information about how...

Multiple Threat Groups are Exploiting the Microsoft Zerologon Vulnerability
Oct09

Microsoft has issued a warning following the discovery of multiple threat groups using exploits for the Zerologon vulnerability – CVE-2020-1472 – in the core authentication component of Active Directory of Windows Server and the Windows Netlogon Remote Protocol (MS-NRPC). The flaw is an elevation of privilege vulnerability that can be exploited when an attacker establishes a vulnerable Netlogon secure channel connection to a...

Male Chastity Device Vulnerability Could be Exploited to Cause Permanent Locking
Oct08

Vulnerabilities have been identified in a male chastity device that could be exploited to cause the device to permanently lock. Should that happen, and you don’t have an angle grinder or the nerve to use one, it could prove to be a very embarrassing emergency room trip or fire department callout. The reason Bluetooth connectivity has been added to the Cell Mate male chastity device is to allow a trusted individual to be provided with...

CISA Issues Emotet Malware Alert Following Sharp Increase in Attacks
Oct07

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about Emotet malware following an increase in successful attacks on state and local governments in the United States since August 2020. Emotet is distributed via phishing emails sent by the Emotet botnet – a network of computers that have been infected with Emotet malware. The botnet often conducts spam runs involving more...

Sanctions and Penalties Could be Imposed for Paying Ransomware Payments
Oct05

Following a ransomware attack, many firms choose to pay the ransom demand to obtain the keys to decrypt files and prevent the sale or publication of data stolen in the attack. Many choose to use third party companies to negotiate with the attackers and pay the ransom. Payment of the ransom is not recommended by the FBI, as there is no guarantee that valid keys to decrypt files will be provided and payment of a ransom encourages threat...

Emotet Campaign Impersonates Democratic National Convention
Oct02

An Emotet malware campaign is underway which has already targeted hundreds of organizations in the United States. The emails spoof the Democratic National Convention with messages claiming to be a call to action to recruit DNC volunteers across the country to help elected Democrats in the upcoming presidential election, as part of the DNC Team Blue initiative. The threat group behind Emotet, TA542, usually uses lures such as shipping...

Universal Health Services Ransomware Attack Cripples Hospitals Across the United States
Sep29

Universal Health Services (UHS) has suffered a ransomware attack that has taken IT systems out of action across its nationwide network of hospitals. UHS is a Fortune 500 healthcare provider and one of the largest providers of hospital and healthcare services in the United States. UHS has around 400 hospitals and healthcare facilities throughout the United States, Puerto Rico and the UK and had annual revenues of $11.37 billion in...

Windows XP Source Code Leaked Online
Sep28

Anyone still using Windows XP has been given an additional reason to finally upgrade to a supported Windows operating system. The source code for Windows XP SP1 and other Windows versions has been leaked online. It has been almost 20 years since Microsoft released Windows XP. Microsoft provided support for the popular operating system for 12 years, with extended support coming to an end on April 8, 2014. After that date patches and...

Zerologon Exploits Now Being Used in the Wild, Warns Microsoft
Sep24

Earlier this month, the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive about a critical vulnerability – CVE-2020-1472 – that affected Microsoft Windows Netlogon Remote Protocol after proof-of-concept exploit code was publicly released. Microsoft has now issued a warning after hackers have been observed using exploits for the vulnerability in real world attacks. The vulnerability, named Zerologon...

Maze Ransomware now Uses Virtual Machines to Evade Endpoint Defenses
Sep21

The operators of Maze ransomware have adopted a new tactic to evade endpoint security solutions. The gang has been observed encrypting computers from inside virtual machines, a tactic also used by the operators of Ragnar Locker ransomware. The new tactic was discovered by researchers at Sophos when responding to a ransomware attack on one of their customers. The Maze gang twice attempted to launch ransomware executables but were...

Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Billions of Devices Vulnerable to ‘BLESA’ Bluetooth Spoofing Vulnerability
Sep16

A vulnerability has been discovered in the Bluetooth Low Energy (BLE) reconnection process that could be exploited by an attacker to bypass the reconnection authentication requirements and send spoofed data to a device. The BLE protocol is a slimline version of standard Bluetooth that was developed to keep Bluetooth connections active while conserving battery power. Due to the low power requirements, BLE has proven popular with...

Hacking Group Observed Installing Weave Scope Tool to Gain Visibility and Control of Business Cloud Environments
Sep11

The threat detection and response firm Intezer has observed a hacking group using the Weave Scope visualization and monitoring tool to gain visibility into and take control of compromised Docker and Kubernetes cloud environments. The hacking group, referred to as TeamTNT by Intezer, is known to target Docker and Kubernetes systems and has been observed using a credential-stealing worm to discover and exfiltrate AWS login credentials....

Adobe Patches 12 Critical Flaws in Experience Manager, InDesign, and Framemaker
Sep09

Adobe has released patches to correct 18 flaws on September 2020 Patch Tuesday. The flaws exist in Adobe Experience Manager, Adobe InDesign, and Adobe Framemaker. 12 of the vulnerabilities have been rated critical, with the rest rated important. 5 patches have been released to correct critical cross-site scripting vulnerabilities in Adobe Experience Manager (CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and...

September 2020 Patch Tuesday: Microsoft Fixes 129 Vulnerabilities; 20 Critical
Sep09

Microsoft has issued patches to correct 129 vulnerabilities on September 2020 Patch Tuesday, 32 of which are remote code execution vulnerabilities and 20 have been rated critical. The vulnerabilities are spread across 15 products. While there is a large number of critical vulnerabilities in this month’s round of updates, none of the vulnerabilities are currently being exploited in the wild, although exploits for some of the flaws are...

Microsoft Will End Support for Adobe Flash Player on January 1, 2020
Sep07

Microsoft has announced that web browser support for Adobe Flash Player will end on January 1, 2021. Adobe Flash Player will no longer be distributed or updated from December 31, 2020. The Security Update for Adobe Flash Player, which is usually released on Patch Tuesday every month for Microsoft Edge and Internet Explorer, will end after December 2020. “Beginning in January 2021, Adobe Flash Player will be disabled by default...

New Cryptocurrency Stealing KryptoCibule Malware Family Identified
Sep03

For the past two years, a cryptocurrency-stealing malware named KryptoCibule has been used to mine cryptocurrency on victims’ machines, steal cryptocurrency wallets, and hijack transactions. Malware targeting cryptocurrency tends to either involve mining cryptocurrency or stealing wallets/hijacking transactions. This malware does all three and also plants a backdoor into victims’ devices, allowing them to be remotely accessed....

Phishing Campaign Offering PPE Delivers Agent Tesla RAT
Sep01

Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access Trojan (RAT). The phishing emails offer the recipient personal protective equipment (PPE) such as forehead temperature thermometers, disposable face masks, and other medical supplies that have been in short supply. The emails claim that the company has started mass...

New Version of Qbot Trojan Can Hijack Email Threads
Aug28

Check Point researchers have identified a new version of the Qbot Trojan, a malware threat that first appeared 12 years ago. Qbot is an information stealer that attempts to steal banking information, credit card numbers, passwords, cookies, and emails. It is also known to download other malware variants, including ransomware. Remote connections can also be made with infected devices to make bank transactions from the victim’s IP...

New “FritzFrog” P2P Botnet Targeting SSH Servers of Banks, Medical Centers, Government Offices and Universities
Aug21

A new, sophisticated, and stealthy peer-to-peer (P2P) botnet named FritzFrog has been discovered which is being used to target SSH servers. The botnet was identified and analyzed by security researchers at Guardicore Labs who report that the botnet has been active since at least January 2020 and has been used in targeted attacks on government offices, medical centers, banks, telecoms companies, and education institutions, and finance...

Microsoft Releases Out of Band Update for Windows 8.1, RT 8.1, and Windows Server 2012 R2
Aug20

Microsoft has released an out of band update for Windows 8.1, RT 8.1, and Windows Server 2012 R2 to fix two privilege escalation flaws in the Windows Remote Access service. The two flaws – tracked as CVE-2020-1530 and CVE-2020-1537 – affect all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 and are due to improper handling of memory. In order to exploit the flaws, an attacker would need to have...

Patch Critical Citrix Endpoint Management (XenMobile Servers) Vulnerabilities Now
Aug13

Five vulnerabilities, including two critical flaws, have been identified in Citrix Endpoint Management (CEM) – also known as XenMobile Server – which is used by businesses to manage employees’ mobile devices and applications, apply updates, and manage security settings. The critical flaws – tracked as CVE-2020-8208 and CVE-2020-8209 – could be exploited remotely and would allow an unauthenticated individual to access domain...

Popular Keylogger and Info Stealer Now Steals Credentials from Browsers and VPNs
Aug12

Agent Tesla malware has received an update. The information stealer and keylogger can now steal passwords from browsers, VPN clients, FTP and email clients. Agent Tesla is a .Net-based remote access Trojan (RAT) that first appeared in 2014. The malware is offered for sale on hacking forums and darknet marketplaces and has proven to be a popular choice with low-level hackers and BEC scammers. The malware can be used in various stages...

Microsoft Fixes 120 Vulnerabilities on August 2020 Patch Tuesday, Including 17 Critical Flaws
Aug11

August 2020 Patch Tuesday has seen Microsoft release 120 patches covering 13 products and a Servicing Stack Update for Windows 10 advisory. 17 of the vulnerabilities are rated critical, including 2 zero days, and 103 have been rated important. The two zero days are being actively exploited and an exploit for one of those flaws has been released publicly, so it is important for the security updates to be applied as soon as possible....

Adobe Fixes 26 Vulnerabilities Including 11 Critical Flaws
Aug11

Adobe has released patches to address 26 vulnerabilities in Adobe Acrobat and Adobe Reader, including 11 flaws that have been rated critical. The critical flaws could be exploited to bypass security controls, with 9 of the critical flaws allowing the remote execution of arbitrary code. The remote code execution vulnerabilities are a mix of out-of-bounds write vulnerabilities (CVE-2020-9693 and CVE-2020-9694), use-after-free...

INTERPOL Report Shows Major Increase in Cyberattacks During the COVID-19 Pandemic
Aug06

INTERPOL has completed an assessment of the impact of COVID-19 on cybercrime and has found a major increase in attacks during the pandemic, with cybercriminals shifting their focus from targeting individuals and small businesses to attacking large corporations, critical infrastructure, and government agencies. With many countries implementing lockdowns to curb COVID-19 infections, businesses have been forced into allowing virtually of...

Online Shopping Scams Have Soared During the COVID-19 Pandemic
Aug05

There has been a major increase in online shopping scams during the COVID-19 pandemic, according to a recent public service announcement by the FBI. Reports to the FBI’s Internet Crime Complaint Center (IC3) from victims of online shopping scams have soared in recent months. Many of the reports concern orders from websites where the goods are not received or where different items to those ordered were sent. Victims of these scams were...

FBI Issues Flash Alert Warning of Netwalker Ransomware Attacks
Jul31

The FBI has issued a Flash Alert following an increase in Netwalker ransomware attacks in the United States. Netwalker ransomware was first identified in March 2020 and was used in an attack on the Australian transportation and logistics company Toll Group. Attacks have also been conducted on an Illinois public health department, a Maryland operator of assisted living facilities, and the University of California, San Francisco. The...

Vulnerability in Cisco’s Network Security Products Being Actively Exploited
Jul28

A high severity flaw in Cisco’s network security products is now being actively exploited. The vulnerability is present in the Cisco products used by many large enterprises and Fortune 500 firms and allows a remote attacker to gain access to sensitive data. The vulnerability is tracked as CVE-2020-3452 and was assigned a CVSS v3 base score of 7.5 out of 10. The flaw is present in the web services interface of Cisco’s Firepower Threat...

Critical Vulnerability in F5 Networks BIG-IP Devices Exploited in Real-World Attacks
Jul27

On Friday, July 24, 2020, the DHS Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers have started exploiting the CVE-2020-5902 vulnerability in F5 Networks BIG-IP devices. F5 BIG-IP devices are used for load balancing and generally sit between the firewall and a web application. They are used by many Fortune 500 companies, large enterprises, and government agencies and are an attractive target for hackers....

Out of Band Update Corrects 12 Critical Flaws in Adobe Photoshop, Prelude and Bridge
Jul22

Adobe has issued an out of band update to correct 12 critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge, and an information disclosure vulnerability in Adobe Reader Mobile for Android. The critical flaws could all lead to remote code execution on Windows machines in the context of the current user. The impact of the flaws will be limited for standard Windows users, although exploits for the vulnerabilities...

17-Year Old Critical Wormable DNS Bug Patched by Microsoft
Jul15

Microsoft has released a patch for a critical, wormable flaw in Microsoft’s Windows DNS Server that dates back to 2003. The vulnerability, tracked as CVE-2020-1350, was identified by security researchers at Check Point who named it SIGRed. Virtually all businesses will be running DNS with Active Directory and will be affected. Given the number of businesses affected, the ease of exploitation, and how the flaw could be exploited to...

Maximum Severity Flaw in SAP Could Allow Full Takeover of Enterprise System
Jul14

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency has issued an alert about a critical vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. The flaw, tracked as CVE-2020-6287, can be exploited through HTTP and would allow an attacker to take full control of vulnerable SAP applications. The flaw was discovered by researchers at Onapsis who named...

Zoom Fixes Zero-Day Legacy Windows RCE Flaw
Jul13

A zero-day vulnerability in the Zoom Windows client that could potentially allow remote code execution has now been patched by Zoom. The flaw only affected users running Windows 7 or earlier Windows versions. Later Windows versions were unaffected. Last week, Acros Security announced in a blog post that a zero-day vulnerability had been discovered, and Zoom was notified around the same time. Details about the flaw were not publicly...
