Link Found Connecting Chaos, Onyx and Yashma Ransomware

For a year now, threat actors have been using different versions of the same ransomware builder – “Chaos” – to attack governments, corporations and healthcare facilities. Now researchers from Blackberry have connected the dots, painting a picture of a malware that has evolved five times in twelve...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and t...

new packages: evolution-mapi

An update is available for openchange, evolution-mapi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see t...

new packages: evolution

An update is available for evolution. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9....

GHSA-8H24-3CJR-XXMH Evolution CMS Stored Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI...

Evolution CMS Stored Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI...

Evolution CMS Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the manager/ search parameter...

GHSA-9MFC-GR8C-XJ4M Evolution CMS Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the manager/ search parameter...

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...

New ransomware trends in 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop...

OESA-2022-1628 evolution-data-server security update

The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...

evolution-mapi bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

ALBA-2022:1907 evolution-mapi bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

evolution-data-server bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

evolution-data-server bug fix and enhancement update

An update is available for evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

CANs Reinvent LANs for an All-Local World

In an article I wrote over a year ago called “Securing the New Normal of Network Access,” I presented four access scenarios that modern organizations needed to enable users to stay securely connected and protected in the new normal of a work-from-anywhere world. Of course, “new” is a relative ter...

EulerOS 2.0 SP10 : nss (EulerOS-SA-2022-1477)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

EulerOS Virtualization 2.10.1 : nss (EulerOS-SA-2022-1381)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...

EulerOS Virtualization 2.10.0 : nss (EulerOS-SA-2022-1407)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...