News

Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platforms

August 30, 2023

Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series...

US-CERT Vulnerability Summary for the Week of August 21, 2023

August 29, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...

0ce4da56bde5886963a2ff7b0ddc6035753e82161af70f904437c86cbef0dea0

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

August 29, 2023

Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious...

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

August 29, 2023

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service...

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

August 29, 2023

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to...

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability

August 29, 2023

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be...

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

August 29, 2023

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity...

Mom’s Meals discloses data breach impacting 1.2 million people

August 29, 2023

PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information...

Four common password mistakes hackers love to exploit

August 29, 2023

Our brains are incredibly good at pattern completion – it’s why we see animals in the clouds and remember entire...

Microsoft will enable Exchange Extended Protection by default this fall

August 29, 2023

Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this...

Spain warns of LockBit Locker ransomware phishing attacks

August 29, 2023

The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country...

Exploit released for Juniper firewall bugs allowing RCE attacks

August 29, 2023

Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers...

Attacks on Citrix NetScaler systems linked to ransomware actor

August 29, 2023

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to...

MalDoc in PDFs: Hiding malicious Word docs in PDF files

August 29, 2023

Japan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses...

Juniper Junos OS Multiple Vulnerabilities

August 29, 2023

Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger denial of...

US-CERT Vulnerability Summary for the Week of August 21, 2023

August 28, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

August 28, 2023

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application...

KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities

August 28, 2023

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out...

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

August 28, 2023

In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages...

Cyberattacks Targeting E-commerce Applications

August 28, 2023

Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and...

ICO calls on social media firms to protect user’s data from scraping

August 28, 2023

UK's Information Commissioner's Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a...

Rhysida claims ransomware attack on Prospect Medical, threatens to sell data

August 28, 2023

The Rhysida ransomware gang has claimed responsibility for the massive cyberattack on Prospect Medical Holdings, claiming to have stolen 500,000...

US-CERT Vulnerability Summary for the Week of August 14, 2023

August 27, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...

US-CERT Vulnerability Summary for the Week of August 14, 2023

August 26, 2023

News

Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platforms

US-CERT Vulnerability Summary for the Week of August 21, 2023

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

Mom’s Meals discloses data breach impacting 1.2 million people

Four common password mistakes hackers love to exploit

Microsoft will enable Exchange Extended Protection by default this fall

Spain warns of LockBit Locker ransomware phishing attacks

Exploit released for Juniper firewall bugs allowing RCE attacks

Attacks on Citrix NetScaler systems linked to ransomware actor

MalDoc in PDFs: Hiding malicious Word docs in PDF files

Juniper Junos OS Multiple Vulnerabilities

US-CERT Vulnerability Summary for the Week of August 21, 2023

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

Cyberattacks Targeting E-commerce Applications

ICO calls on social media firms to protect user’s data from scraping

Rhysida claims ransomware attack on Prospect Medical, threatens to sell data

US-CERT Vulnerability Summary for the Week of August 14, 2023

US-CERT Vulnerability Summary for the Week of August 14, 2023

CISA: CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

CISA: CISA Releases Nine Industrial Control Systems Advisories

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA: CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed