UK Privacy Regulator Issues Black Friday Smart Device Warning
The Information Commissioner’s Office (ICO) has urged shoppers to investigate the privacy and security credentials of any smart technologies they’re...
News
Microsoft Fixes Five Zero-Day Vulnerabilities
Microsoft has released fixes for five zero-day vulnerabilities in its monthly update round, three of which are being actively exploited...
US-CERT Vulnerability Summary for the Week of October 30, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocontec -- solarview_compact_firmwareAn issue in Contec SolarView Compact v.6.0 and before allows...
Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835
Description of Problem An issue has been discovered that affects Citrix Hypervisor 8.2 CU1 LTSR and may allow malicious privileged...
Pharmacy provider Truepill data breach hits 2.3 million customers
Postmeds, doing business as ‘Truepill,’ is sending notifications of a data breach informing recipients that threat actors accessed their sensitive...
Meet the Unique New “Hacking” Group: AlphaLock
It’s not every day that you discover a new Russian hacking group complete with a song and dance routine (performed...
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large...
VMware discloses critical VCD Appliance auth bypass with no patch
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to...
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes...
New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder...
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents...
IPStorm botnet with 23,000 proxies for malicious traffic dismantled
The U.S. Department of Justice announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet...
Microsoft Monthly Security Update (November 2023)
Microsoft has released monthly security update for their products: Vulnerable ProductRisk LevelImpactsNotesBrowser Medium RiskRemote Code Execution Elevation of Privilege Spoofing Azure Medium...
NCSC: UK Facing “Enduring and Significant” Cyber-Threat
The UK’s critical infrastructure (CNI) providers face a persistent and critical threat from emboldened state-backed and aligned actors, a leading...
Python Package Index Faces Security Crisis With Validated Leaks
Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the...
82% of Attacks Show Cyber-Criminals Targeting Telemetry Data
Cyber-criminals have been observed disabling or wiping out logs in 82% of incidents. The findings come from the latest report from...
Royal Ransomware Gang Demands $275m in a Year
The Royal ransomware group has targeted more than 350 global victims since September 2022, demanding hundreds of millions in ransom...
Pro-Palestine APT Group Uses Novel Downloader in New Campaign
A Middle Eastern advanced persistent threat (APT) group launched a new series of targeted cyber-espionage attacks from July to October...
US-CERT Vulnerability Summary for the Week of October 30, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocontec -- solarview_compact_firmwareAn issue in Contec SolarView Compact v.6.0 and before allows...
Top 5 Marketing Tech SaaS Security Challenges
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach,...
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March...
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
Criminal IP, a prominent Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently integrated with Cisco SecureX/XDR,...
FBI: Royal ransomware asked 350 victims to pay $275 million
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at...
CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote...
