Year: 2023

CISA: Mozilla Releases Security Updates for Multiple Products

August 10, 2023

Mozilla Releases Security Updates for Multiple Products Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR...

CISA: CISA Releases its Cybersecurity Strategic Plan

August 10, 2023

CISA Releases its Cybersecurity Strategic Plan Today, CISA released a strategic plan to lay out how we will fulfill our...

CISA: CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022

August 10, 2023

CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 The U.S. Cybersecurity and...

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 10, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA: CISA Releases Five Industrial Control Systems Advisories

August 10, 2023

CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These...

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

August 10, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...

CISA: Adobe Releases Security Updates for Multiple Products

August 10, 2023

Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An...

CISA: Microsoft Releases August 2023 Security Updates

August 10, 2023

Microsoft Releases August 2023 Security Updates Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can...

CISA: Fortinet Releases Security Update for FortiOS

August 10, 2023

Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...

CISA: CISA Releases Two Industrial Control Systems Advisories

August 10, 2023

CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These...

US-CERT Vulnerability Summary for the Week of July 31, 2023

August 9, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...

Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

August 9, 2023

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from...

China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

August 9, 2023

Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia,...

e0af5731705a375b07dbdfb1cefd9f8399f8c07f5d0dee759e230e54eecdc738

Digital assets continue to be prime target for malvertisers

August 9, 2023

Cyber-criminals continue to impersonate brands via well-crafted phishing websites. We previously covered attacks on both consumers and businesses via online searches...

Diamond Model for Threat Hunting?

August 9, 2023

Introduction Background of Threat Hunting Threat hunting is a proactive and iterative approach to detecting and isolating advanced threats that...

New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware

August 9, 2023

Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their...

Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

August 9, 2023

Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm...

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

August 9, 2023

The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a...

Continuous Security Validation with Penetration Testing as a Service (PTaaS)

August 9, 2023

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC),...

LockBit 3.0 Ransomware Victim: unitycouncil[.]org

August 9, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Microsoft Windows Common Log File System Driver privilege escalation | CVE-2023-36900

August 9, 2023

NAME__________Microsoft Windows Common Log File System Driver privilege escalationPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows...

Mediatek products denial of service | CVE-2023-20793

August 9, 2023

NAME__________Mediatek products denial of servicePlatforms Affected:MediaTek Android MediaTek ChipsetsRisk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mediatek products are vulnerable to a denial of...

Microsoft Windows LDAP code execution | CVE-2023-38184

August 9, 2023

NAME__________Microsoft Windows LDAP code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft Windows...

Foswiki directory traversal | CVE-2023-33756

August 9, 2023

NAME__________Foswiki directory traversalPlatforms Affected:Foswiki Foswiki 2.1.7Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Foswiki could allow a remote attacker to traverse directories on the system,...

Year: 2023

CISA: Mozilla Releases Security Updates for Multiple Products

CISA: CISA Releases its Cybersecurity Strategic Plan

CISA: CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases Five Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Adobe Releases Security Updates for Multiple Products

CISA: Microsoft Releases August 2023 Security Updates

CISA: Fortinet Releases Security Update for FortiOS

CISA: CISA Releases Two Industrial Control Systems Advisories

US-CERT Vulnerability Summary for the Week of July 31, 2023

Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

Digital assets continue to be prime target for malvertisers

Diamond Model for Threat Hunting?

New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware

Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

Continuous Security Validation with Penetration Testing as a Service (PTaaS)

LockBit 3.0 Ransomware Victim: unitycouncil[.]org

Microsoft Windows Common Log File System Driver privilege escalation | CVE-2023-36900

Mediatek products denial of service | CVE-2023-20793

Microsoft Windows LDAP code execution | CVE-2023-38184

Foswiki directory traversal | CVE-2023-33756

Harnessing Artificial Intelligence to Secure Cyber Frontiers

[APT73] – Ransomware Victim: coel[.]com[.]mx

[QILIN] – Ransomware Victim: MPP Group of Companies

[QILIN] – Ransomware Victim: Alford Walden Law

[QILIN] – Ransomware Victim: Pasco Systems

You may have missed