Microsoft Monthly Security Update (April 2024)
Microsoft has released monthly security update for their products: Vulnerable ProductRisk LevelImpactsNotesBrowser Low RiskSpoofing Windows High RiskSecurity Restriction Bypass Remote Code Execution...
News
US-CERT Vulnerability Summary for the Week of April 1, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Critical Vulnerability in WordPress LayerSlider Plugin
LayerSlider has released updates to address a critical vulnerability (CVE-2024-2879) affecting their LayerSlider plugin for WordPress. The vulnerability has a...
US-CERT Vulnerability Summary for the Week of March 25, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Multiple High Severity Vulnerabilities in Cisco IOS and IOS XE Software
Cisco has released updates addressing multiple high severity vulnerabilities (CVE-2024-20311, CVE-2024-20314, CVE-2024-20307, CVE-2024-20308, CVE-2024-20259, CVE-2024-20303) affecting their IOS and IOS...
Critical Vulnerability in XZ Utils
Security researchers have disclosed a critical vulnerability (CVE-2024-3094) in XZ Utils used in Linux distributions. The vulnerability has a Common...
Dinodasrat Malware Targets Linux Servers In Espionage Campaign
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known...
Vultur Banking Malware For Android Poses As Mcafee Security App
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities...
Atandt Confirms Data For 73 Million Customers Leaked On Hacker Forum
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially...
Red Hat Warns Of Backdoor In Xz Tools Used By Most Linux Distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found...
Activision Enable 2fa To Secure Accounts Recently Stolen By Malware
An infostealer malware campaign has collected millions of logins from users of various gaming websites, including players that use cheats,...
Remote Monitoring Management Software Used In Phishing Attacks
Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today,...
Stopping A Targeted Attack On A Managed Service Provider Msp With Threatdown Mdr
In late January 2024, the ThreatDown Managed Detection and Response (MDR) team found and stopped a three-month long malware campaign...
One Year Later Rhadamanthys Is Still Dropped Via Malvertising
It was just a little over a year ago that the Rhadamanthys stealer was first publicly seen distributed via malicious...
Massive Utility Scam Campaign Spreads Via Online Ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their...
Ransomware Review March 2024
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
New Go Loader Pushes Rhadamanthys
Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is...
Stopping A K 12 Cyberattack Solarmarker With Threatdown Mdr
In early 2024, a large K-12 school district partnered with ThreatDown MDR to strengthen its cybersecurity posture. Shortly after onboarding,...
Pikabot Malware On The Rise What Organizations Need To Know
A new type of malware is being used by ransomware gangs in their attacks, and its name is PikaBot. A...
Fakebat Delivered Via Several Active Malvertising Campaigns
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw...
Pypi Suspends New User Registration To Block Malware Campaign
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an...
Cisco Warns Of Password Spraying Attacks Targeting Vpn Services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN...
How Pentesting As A Service Can Reduce Overall Security Costs
If your job involves keeping applications or data secure, you know how important penetration testing can be in identifying potential...
Decade Old Linux Wall Bug Helps Make Fake Sudo Prompts Steal Passwords
A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged...
