US-CERT Bulletin (SB22-220):Vulnerability Summary for the Week of August 1, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
News
Risky Business: Enterprises Can’t Shake Log4j flaw
70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December...
Experts found 10 malicious packages on PyPI used to steal developers’ data
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers...
Hackers behind Twilio data breach also targeted Cloudflare employees
Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one...
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity...
VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656
VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware...
Andariel deploys DTrack and Maui ransomware
On July 7, 2022, the CISA published an alert, entitled, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target...
Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day
Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch...
Forecasting Metaverse Threats: Will it Become Metaworse?
This report shares threat predictions concerning a rapidly evolving area of the physical and digital word – the metaverse. We...
A Secure Access Service Edge (SASE ) Guide for Leaders
Discover the benefits of SASE in adopting modern security architectures to reduce cyber risk across the attack surface. If you...
Oil and Gas Cybersecurity: Industry Overview Part 1
With geopolitical tensions running high, oil and gas companies may be more susceptible to cyberattacks. If you like the site,...
Facebook’s Metaverse is Expanding the Attack Surface
Understand the cybersecurity risks in the Metaverse If you like the site, please consider joining the telegram channel or supporting...
Experts linked Maui ransomware to North Korean Andariel APT
Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence...
Chinese actors behind attacks on industrial enterprises and public institutions
China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at...
US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North...
Malicious file analysis – Example 01
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022....
Targeted attack on industrial enterprises and public institutions
In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public...
Orchard botnet uses Bitcoin Transaction info to generate DGA domains
Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab...
Twilio discloses data breach that impacted customers and employees
Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications...
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing...
Phishy calls and emails play on energy cost increase fears
Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line....
Attackers abuse open redirects in Snapchat and Amex in phishing attacks
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused...
Microsoft is blocking Tutanota email addresses from registering a MS Teams account
Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app...
Serious cyberattack hits German Chambers of Industry and Commerce (DIHK)
A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack...
