CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective...
News
US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks
Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity...
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by...
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by...
Russian Gamaredon APT continues to target Ukraine
Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and...
The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich
Today we look at a fakeout which begins with Elon Musk, and ends with a trip to Mars (or, if...
Oracle releases massive Critical Patch Update containing 520 security patches
Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of...
Anonymous hacked other Russian organizations, some of the breaches could be severe
The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked...
US warns of APT groups that can “gain full system access” to some industrial control systems
An “exceptionally rare and dangerous” advanced persistent threat (APT) malware kit, containing custom-made tools designed to target some of North America’s...
Beware tragic “my daughter died…” Facebook posts offering free PS5s
Tragic tales are being posted to Facebook, combined with the offer of a giveaway. However, some are perhaps not quite...
CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity...
New BotenaGo variant specifically targets Lilin security camera DVR devices
Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate....
QNAP users are recommended to disable UPnP port forwarding on routers
QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices....
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and...
US-CERT Bulletin (SB22-108)yokogawa — centum:Vulnerability Summary for the Week of April 11, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Watch out for Ukraine donation scammers in Twitter replies
The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites,...
ESET warns of three flaws that affect over 100 Lenovo notebook models
Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the...
Kaspersky releases a free decryptor for Yanluowang ransomware
Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for...
NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks
Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans....
New SolarMarker variant upgrades evasion abilities to avoid detection
Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo...
Crooks steal $182 million from Beanstalk DeFi platform
Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million. The...
How to recover files encrypted by Yanlouwang
Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident...
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
We take a look at our latest Cyber Risk Index (CRI) findings across North America, Europe, Asia-Pacific, and Latin/South America,...
