High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could...
News
Grapheneos Frequent Android Auto Reboots Block Firmware Exploits
The GrapheneOS team behind the privacy and security-focused Android-based operating system with the same name is suggesting that Android should introduce an auto-reboot...
Save Up To 315 On Data Privacy Tools With Adguard Vpn
A virtual private network (VPN) is a foundational data privacy tool for both professional life and your day-to-day browsing. AdGuard...
New Findings Challenge Attribution in Denmark’s Energy Sector Cyberattacks
The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked...
Critical Vulnerability in Juniper Networks Products
Juniper Networks has released security updates addressing a critical vulnerability (CVE-2024-21591) in their SRX Series firewalls and EX Series switches....
Critical Vulnerabilities in GitLab Products
GitLab has released security updates addressing critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356) in their Community Edition (CE) and Enterprise Edition (EE)....
Hacker Spins Up 1 Million Virtual Servers To Illegally Mine Crypto
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used...
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and...
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million...
Gitlab Warns Of Critical Zero Click Account Hijacking Vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them...
Ivanti Connect Secure Zero Days Exploited To Deploy Custom Malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple...
The Week In Ransomware January 12th 2024 Targeting Homeowners Data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked....
Cisa Critical Microsoft Sharepoint Bug Now Actively Exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another...
Juniper Warns Of Critical Rce Bug In Its Firewalls And Switches
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series...
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis...
CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged critical infrastructure organizations to address vulnerabilities affecting nine industrial control...
Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Cybercriminal are exploiting employee desires for job satisfaction and orgnaizations’ promise of benefits with a flurry of phishing scams.Pay raises,...
Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts...
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data...
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two...
Associated Press Espn Cbs Among Top Sites Serving Fake Virus Alerts
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
Atomic Stealer Distributed To Mac Users Via Fake Browser Updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious...
Ransomware Review November 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
