Critical Vulnerability in Juniper Networks Products
Juniper Networks has released security updates addressing a critical vulnerability (CVE-2024-21591) in their SRX Series firewalls and EX Series switches....
News
Critical Vulnerabilities in GitLab Products
GitLab has released security updates addressing critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356) in their Community Edition (CE) and Enterprise Edition (EE)....
Hacker Spins Up 1 Million Virtual Servers To Illegally Mine Crypto
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used...
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and...
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million...
Gitlab Warns Of Critical Zero Click Account Hijacking Vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them...
Ivanti Connect Secure Zero Days Exploited To Deploy Custom Malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple...
The Week In Ransomware January 12th 2024 Targeting Homeowners Data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked....
Cisa Critical Microsoft Sharepoint Bug Now Actively Exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another...
Juniper Warns Of Critical Rce Bug In Its Firewalls And Switches
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series...
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis...
CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged critical infrastructure organizations to address vulnerabilities affecting nine industrial control...
Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Cybercriminal are exploiting employee desires for job satisfaction and orgnaizations’ promise of benefits with a flurry of phishing scams.Pay raises,...
Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts...
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data...
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two...
Associated Press Espn Cbs Among Top Sites Serving Fake Virus Alerts
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
Atomic Stealer Distributed To Mac Users Via Fake Browser Updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious...
Ransomware Review November 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
New Metastealer Malvertising Campaigns
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have...
Ransomware Review January 2024
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Ransomware Review December 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Atomic Stealer Rings In The New Year With Updated Version
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users....
