CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20273 Cisco IOS XE Web UI Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

Hackers Exploit QR Codes with QRLJacking for Malware Distribution

By Deeba Ahmed Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks. This is a post from HackRead.com Read the original post: Hackers Exploit QR Codes with QRLJacking for Malware Distribution...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability These types of...

OpenSSF Launches Malicious Packages Repository

By Waqas The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise. This is a post from HackRead.com Read the original post: OpenSSF Launches Malicious Packages Repository...

Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, ...

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Computer Emergency Response Team of Ukraine CERT-UA has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20198 Cisco IOS XE Web UI Privilege Escalation Vulnerabilitylink is external These types of vulnerabilities are frequent attack vectors for malicious cyber actor...

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerabilit...

Expanded Microsoft Security Experts offerings provide comprehensive protection

Since we first introduced Microsoft Security Experts in May 2022, we’ve worked hard to expand our new security services category. In the past 16 months, we’ve launched new services, expanded our capabilities, and introduced new ways to buy. Our customers face an unprecedented number of security...

MOVEit Vulnerabilities Expose Organizations to Cyberattacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Critical SQL Injection vulnerabilities in Progress Softwares MOVEit Transfer product, exploited by Clop ransomware gang since May 2023, led to unauthorized access and data breaches, affecting...

Multi-factor authentication has proven it works, so what are we waiting for?

Recently, Amazon announced that it will require all privileged Amazon Web Services AWS accounts to use multi-factor authentication MFA, starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection, especially not for your important accounts. So...

Ransomware reinfections on the rise from improper remediation

Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware--the most dangerous malware in the world--and theyll be blunt: Theyd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcin...

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the...

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover...

3 reasons why your endpoint security is not enough

Despite widespread deployment of endpoint protection solutions, cyberattacks continue to make headlines, affecting organizations of all sizes and sectors. Recent statistics reveal that 70% of companies were impacted by ransomware last year State of Malware Report 2023, Malwarebytes, and 83%...

How Cyberattacks Are Transforming Warfare

There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks ha...

The International Criminal Court Will Now Prosecute Cyberwar Crimes

And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine...

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service DDoS attacks. Doctor Web said the compromises are likely to occur either during malicious firmware update...

Cyberattacks Targeting Government Agencies on the Rise

By Waqas A concerning trend is emerging on the global stage: a rise in cyberattacks targeting government agencies. This is a post from HackRead.com Read the original post: Cyberattacks Targeting Government Agencies on the Rise...

Cisco VPNs without MFA are under attack by ransomware operator

The Cisco Product Security Incident Response Team PSIRT has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication MFA. The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for...