Phishing Spree Targets Zimbra Collaboration Account Holders
Cybersecurity researchers at ESET have exposed an ongoing mass-spreading phishing campaign that explicitly targets Zimbra Collaboration email server users. The...
News
CISA Launches Joint Initiative to Secure RMM Software
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Remote Monitoring and Management (RMM) Cyber Defense Plan. Created in...
CISA Urges Patching of Actively Exploited Citrix Bug
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Citrix flaw patched in June is being actively...
NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
Why You Need Continuous Network Monitoring?
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer...
China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons...
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of...
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the...
Malvertisers up their game against researchers
Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat...
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The...
Google Introduces First Quantum Resilient FIDO2 Security Key Implementation
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative....
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller...
Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as...
Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations
Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000...
Google Introduces First Quantum Resilient FIDO2 Security Key
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative....
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages,...
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the...
What’s the State of Credential theft in 2023?
At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams....
Just announced: AI and security standards keynotes at mWISE
Mark your calendar for mWISE™, the uniquely targeted, community-focused cybersecurity conference from Mandiant. It’s taking place September 18–20, 2023 in...
Major U.S. energy org targeted in QR code phishing attack
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious...
Google released first quantum-resilient FIDO2 key implementation
Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema...
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown...
Massive 400,000 proxy botnet built with stealthy malware infections
Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems. The devices act...
