Cobalt Stike Beacon Detected – 159[.]223[.]224[.]10:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft...
[updated]Unpatched Atlassian Confluence vulnerability is actively exploited
Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this...
FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code vulnerability, ‘Follina’, already being exploited in the wild...
Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices
After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available...
Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has...
Don’t panic! “Unpatchable” Mac vulnerability discovered
Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that “multiple adversaries and nation-state actors” are making use of the recent Atlassian Confluence RCE vulnerability. A...
Update now! Microsoft patches Follina, and many other security updates
The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was...
Google, Apple, and Microsoft step hand in hand into a passwordless future
While we recently “celebrated” World Password Day, almost every security outlet keeps telling us that passwords alone are not enough....
How COVID-19 fuelled a surge in malware
2021 saw a massive surge in detections of malware, adware, and Potentially Unwanted Programs (PUPs). It didn’t matter what the...
Massive increase in XorDDoS Linux malware in last six months
Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux...
General Motors suffers credential stuffing attack
American car manufacturer General Motors (GM) says it experienced a credential stuffing attack last month. During the attack customer information...
More than a quarter of Americans fell for robocall scam calls in past year
More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller...
Rotten apples banned from the App store
Apple’s App Review process may have received ill wishes from many benevolent developers, but Apple has now revealed how effective...
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it...
It’s official, today you can say goodbye to Internet Explorer. Or can you?
Today, the Internet Explorer (IE) 11 desktop application goes out of support and will be retired for certain versions of...
Twitter fined $150M after using 2FA phone numbers for marketing
The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for...
Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware
The Google Threat Analysis Group (TAG) has revealed that of the nine zero-day vulnerabilities affecting Chrome, Android, Apple and Microsoft...
FBI warns of education sector credentials on dark web forums
The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and...
SSNDOB stolen data marketplace shut down by global law enforcement operation
The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information...
Coffee app in hot water for constant tracking of user location
A mobile app violated Canada’s privacy laws via some pretty significant overreach with its tracking of device owners. The violation...
Apple’s passkeys attempt to solve the password problem
The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of...
