CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
News
TA558 cybercrime group targets hospitality and travel orgs
TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint...
Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users
Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported...
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog
US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the...
A flaw in Amazon Ring could expose user’s camera recordings
Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings....
Cisco fixes High-Severity bug in Secure Web Appliance
Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from...
Bumblebee attacks, from initial access to the compromise of Active Directory Services
Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security...
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group
Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital...
Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild
Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild....
Business Email Compromise Attack Tactics
Is BEC more damaging than ransomware? What tactics are BEC actors using? How can organizations bolster their defenses? Jon Clay,...
Google blocked the largest Layer 7 DDoS reported to date
Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google...
BlackByte ransomware v2 is out with new extortion novelties
A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones....
Apple fixed two new zero-day flaws exploited by threat actors
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS,...
PoC exploit code for critical Realtek RCE flaw released online
Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC...
Black Hat USA 2022 and DEF CON 30
Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference DEF CON 30. The DEF...
China-linked RedAlpha behind multi-year credential theft campaign
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed...
Analyzing the Hidden Danger of Environment Variables for Keeping Secrets
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for...
Protecting S3 from Malware: The Cold Hard Truth
Cloud object storage is a core component of any modern application, but most cloud file storage security is insufficient. If...
US-CERT Bulletin (SB22-227):Vulnerability Summary for the Week of August 8, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Bugdrop dropper includes features to circumvent Google’s security Controls
Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that’s still under development. Recently, researchers from ThreatFabric discovered a...
Google fixed a new Chrome Zero-Day actively exploited in the wild
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this...
North Korea-linked APT targets Job Seekers with macOS malware
The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1...
ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data
Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret...
Zoom fixed two flaws in macOS App that were disclosed at DEF CON
Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week...
