CISA warns govt agencies to patch Adobe ColdFusion servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on...
News
Clop now leaks data stolen in MOVEit attacks on clearweb sites
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims,...
US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
Stolen Microsoft key offered widespread access to Microsoft cloud services
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and...
Over 15K Citrix servers likely vulnerable to CVE-2023-3519 attacks
Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable against a critical remote code execution (RCE)...
US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector...
VirusTotal apologizes for data leak affecting 5,600 customers
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file...
The Week in Ransomware – July 21st 2023 – Avaddon Back as NoEscape
This edition of the Week in Ransomware covers the last two weeks of news, as we could not cover it...
Stolen Azure AD key offered widespread access to Microsoft cloud services
The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and...
Clop gang to earn over $75 million from MOVEit extortion attacks
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft...
GitHub Warns Devs of North Korean Attacks
GitHub has warned of a new North Korean threat campaign designed to compromise victims via malicious npm package dependencies.The development...
Clop Drives Record Ransomware Activity in June
Ransomware attacks in June soared 221% year-on-year to hit a record 434 for the month, according to an analysis from...
Russian Prosecutor Asks for 18 Years in Jail for Group-IB Founder
The Russian state prosecution asked the Moscow City Court to impose 18 years in a strict colony regime on Ilya...
Plurilock Launches Generative AI ‘Guardrails’ Product for Workforces
Generative AI tools have conquered the workplace, especially large language model-based (LLM) chatbots like OpenAI’s ChatGPT and Google’s Bard.These powerful...
US DoJ Announces Plan to Shakeup Cybercrime Investigations
The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against...
Chinese Hackers Breached Ambassador’s Email
A Chinese cyber-espionage campaign revealed by Microsoft last week compromised the government email account of the US ambassador to China...
US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in...
APT41 hackers target Android users with WyrmSpy, DragonEgg spyware
The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg...
New P2PInfect worm malware targets Linux and Windows Redis servers
Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on...
Critical AMI MegaRAC bugs can let hackers brick vulnerable servers
Image: Bing Image Creator Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software...
GitHub warns of Lazarus hackers targeting devs with malicious projects
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and...
Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them
Web applications remain a prime target for cyberattacks, posing significant risks to businesses and their bottom lines. So much so,...