Lucene search

1589 matches found

Hive Pro Threat Advisories
added 2022/03/01 6:6 a.m., 16 views

UNC2596 exploits Microsoft’s ProxyShell and ProxyLogon vulnerabilities to distribute Cuba Ransomware

...

7 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/28 4:15 p.m., 9 views

Weekly Threat Digest: 21-27 February 2022

...

1.6 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/24 10:27 a.m., 85 views

Zabbix affected by two actively exploited vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple security vulnerabilities have been discovered in the Web Frontend component of the Zabbix open-source network traffic monitoring software while implementing client-side session storage and are being actively exploited as per...

5.1 CVSS, 1.5 AI score, 0.94045 EPSS
Exploits: 9
Hive Pro Threat Advisories
added 2022/02/24 4:54 a.m., 26 views

Chinese APT group targets financial institutions in the campaign “Operation Cache Panda”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Chinese threat actor APT10 conducted a series of large-scale supply chain attacks that exclusively targeted the financial software systems of Taiwanese financial institutions from the end of November 2021 until the middle of...

2 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/23 6:48 a.m., 8 views

Modernizing Vulnerability Management with Risk-Based Prioritization

...

2.4 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/22 12:27 p.m., 10 views

Weekly Threat Digest: 14-20 February 2022

...

1.6 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/21 2:49 p.m., 9 views

Millions of WordPress site backups at risk due to a vulnerability in UpdraftPlus plugin

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. UpdraftPlus is a backup tool for WordPress files, databases, plug-ins, and themes that allows you to create, restore, and migrate backups. UpdraftPlus is utilized by more than three million WordPress websites, according to i...

1.1 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/21 4:34 a.m., 54 views

Privilege Escalation Vulnerability in Snap Package Manager puts Linux users at risk

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A privilege escalation vulnerability has been identified in Canonical's Snap software package manager that affects Linux-based operating systems. Successful exploitation of this issue might allow an attacker to escalate...

6.9 CVSS, 1.9 AI score, 0.01065 EPSS
Exploits: 4
Hive Pro Threat Advisories
added 2022/02/18 12:40 p.m., 52 views

Apache Cassandra database affected by easily exploitable Remote code execution

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Apache Cassandra is database software used by many companies such as Uber, Facebook, Netflix, Twitter, Instagram, Spotify, Instacart, Reddit, and Accenture. A remote code execution flaw, CVE-2021-44521, is reported whi...

8.5 CVSS, 0.6 AI score, 0.91007 EPSS
Exploits: 7
Hive Pro Threat Advisories
added 2022/02/18 12:20 p.m., 679 views

Russian state-sponsored cyber actors targeting U.S. critical infrastructure

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. In a joint cybersecurity advisory, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) revealed that Russian state-sponsored threat actors target...

9 CVSS, 0.4 AI score, 0.94473 EPSS
Exploits: 55
Hive Pro Threat Advisories
added 2022/02/17 8:28 a.m., 28 views

BlackCat Ransomware group attacks on the rise

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The BlackCat ransomware gang, also known as ALPHV, has targeted around 25 organizations belonging to multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyber attack on Swissport...

6.8 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/16 1:43 p.m., 37 views

VMware addresses security flaws discovered during Tianfu Cup Pwn Contest

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware addressed vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation, a few months after the discovery of these bugs by participants at the Tianfu Cup Pwn Contest. VMware has rated some of these vulnerabilities as...

6 CVSS, 0.7 AI score, 0.00358 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/15 2:31 p.m., 109 views

First zero-day vulnerability of Google Chrome this year actively exploited in wild

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Google released a stable channel update for their Chrome browser that contains a zero-day vulnerability which is being actively exploited in the wild. This is the first zero-day bug reported in the Chrome browser this year. A...

2.2 AI score, 0.49 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/15 7:35 a.m., 23 views

Threat Campaign by Molerats uses NimbleMamba Malware to target Middle East

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The APT group Molerats, associated with Gaza, has launched a new threat campaign using the NimbleMamba malware, aimed at Middle Eastern governments, foreign policy think tanks, and even a state-owned airline. The current attack was...

1 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/15 7:26 a.m., 92 views

Critical Magento zero-day vulnerability actively exploiting multiple e-commerce websites

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Adobe issued an emergency advisory informing Adobe Commerce and Magento Open-Source product users of a critical zero-day vulnerability that is being actively exploited in the wild. A zero-day vulnerability which has been...

10 CVSS, 0.7 AI score, 0.93696 EPSS
Exploits: 6
Hive Pro Threat Advisories
added 2022/02/14 6:10 a.m., 25 views

Multiple vulnerabilities affect Mozilla Firefox and Firefox ESR

THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. Mozilla has issued two security advisories, which address 13 security issues in Firefox and Firefox ESR. Four of the thirteen have been rated as high, and some of these vulnerabilities, if successfully exploited, might all...

0.9 AI score, 0.00533 EPSS
Exploits: 1
Hive Pro Threat Advisories
added 2022/02/11 1:50 p.m., 13 views

Multiple security vulnerabilities identified in Adobe

THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. Adobe addressed 17 security flaws in Premiere Rush, Photoshop, Illustrator, After Effects, and Creative Cloud Desktop. According to Adobe, none of the vulnerabilities have been exploited so far. Successful exploitation of...

7.3 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/11 1:2 p.m., 110 views

Zero-day vulnerability in WebKit affects Apple macOS

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A third zero-day vulnerability has been identified since the latest zero-day bugs discovery in macOS Monterey in the year 2022. This flaw impacts the WebKit component, which is a cross-platform web browser engine that is...

0.7 AI score, 0.04022 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/11 7:36 a.m., 82 views

Critical remote code execution vulnerabilities in WordPress PHP everywhere Plugin

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Three critical remote code execution (RCE) vulnerabilities in the WordPress plugin PHP everywhere have been discovered. It is a plugin that allows web developers to utilize PHP code in pages, posts, the sidebar, or anywhere on...

1.2 AI score, 0.02105 EPSS
Exploits: 3
Hive Pro Threat Advisories
added 2022/02/11 7:15 a.m., 16 views

Google Chrome affected by high severity vulnerabilities

THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. Google has released Chrome 98 as a stable channel for Windows, Mac, and Linux. This update addresses 19 security vulnerabilities. Eight of them are rated severity high, ten of them are medium and one of them is of severity...

0.8 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/09 1:44 p.m., 36 views

Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Microsoft addressed 51 vulnerabilities in the February 2022 Patch Tuesday release, one of which was classified as a zero-day vulnerability. A remote attacker could exploit some of these vulnerabilities to gain control of a...

6.9 CVSS, 0.3 AI score, 0.02161 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/07 2:23 p.m., 19 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command (USCYBERCOM) has warned of an ongoing cyber attack by an Iranian state-sponsored actor named MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/03 11:41 a.m., 11 views

Critical Samba vulnerability allows remote code execution as root

...

4.1 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/02/02 10:32 a.m., 16 views

APT27 group uses the HyperBro remote access trojan to inject backdoors into victim’s network

...

3.9 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/31 1:8 p.m., 12 views

Attackers exploit Windows vulnerability to gain admin privilege

...

6.5 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/28 7:38 a.m., 12 views

Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities

...

1.9 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/28 7:20 a.m., 17 views

Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities

...

1.9 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/27 1:19 p.m., 11 views

Control Web Panel bugs cause remote code execution in Linux servers

...

4.8 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/26 12:58 p.m., 25 views

PwnKit vulnerability affects major Linux distributors

...

4 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/26 5:39 a.m., 13 views

MoonBounce: New malware deployed by APT41 in UEFI firmware

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...

0.5 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/24 11:5 a.m., 61 views

SolarWinds Serv-U vulnerability exploited to deliver Log4j attack

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. SolarWinds is affected by a vulnerability CVE-2021-35247 due to improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected by this flaw and were fixed in...

9.3 CVSS, 0.2 AI score, 0.94358 EPSS
Exploits: 343
Hive Pro Threat Advisories
added 2022/01/20 11:3 a.m., 21 views

Cisco patched multiple critical vulnerabilities in StarOS Software

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Cisco patched two critical vulnerabilities in Redundancy Configuration Manager for StarOS software. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. An attacker could exploit th...

0.8 AI score, 0.11743 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/20 10:41 a.m., 13 views

FIN8 Hacker group using new ‘White Rabbit’ Ransomware against U.S. Banks

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. White Rabbit is a ransomware family that has only recently been discovered. It could be a subsidiary project of the FIN8 hacking gang. A ransomware expert seeking a sample of the malware made the first public disclosure...

6.7 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/19 1:49 p.m., 35 views

Zoho ManageEngine Desktop Central affected by critical vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Zoho has patched a critical vulnerability, CVE-2021-44757, in Desktop Central and Desktop Central MSP, which are unified endpoint management (UEM) solutions. A security vulnerability exists in the Desktop Central and Desktop...

6.4 CVSS, 0.1 AI score, 0.41216 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/17 3:52 p.m., 16 views

WordPress plugins affected by critical vulnerability impacting 84,000 websites

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. WordPress powers over 43.0% of all the websites on the Internet. A Cross-Site Request Forgery vulnerability CVE-2022-0215 was discovered in three plugins of WordPress. This flaw made it possible for an attacker to update...

6.8 CVSS, 0.8 AI score, 0.00318 EPSS
Exploits: 2
Hive Pro Threat Advisories
added 2022/01/17 2:38 p.m., 39 views

Ukraine government entities targeted by a destructive malware “Whispergate”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A malware attack was carried out on Ukraine government, non-profit, and IT entities with a wiper disguised as ransomware. The threat actor, DEV-0586, targeted government bodies that provide critical executive branch or emergen...

6.4 CVSS, 0.2 AI score, 0.93036 EPSS
Exploits: 1
Hive Pro Threat Advisories
added 2022/01/14 6:23 a.m., 262 views

SnatchCrypto campaign carried out by North Korean APT 38 subsidiary BlueNoroff

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlueNoroff, an advanced persistent threat (APT) group that's part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious...

9.3 CVSS, 8.1 AI score, 0.94302 EPSS
Exploits: 29
Hive Pro Threat Advisories
added 2022/01/12 10:29 a.m., 42 views

Security Updates in Multiple Products of Adobe

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Adobe Products: 16 critical vulnerabilities have been fixed in Adobe Acrobat and Reader which are listed below: Code execution: CVE-2021-44701, CVE-2021-44704, CVE-2021-44705...

9.3 CVSS, 2.1 AI score, 0.18041 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/12 7:57 a.m., 75 views

Mozilla Firefox patches multiple vulnerabilities

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities. Vulnerabilities classified as high are: CVE-2022-22746: Calling into reportValidity could have led to...

0.00609 EPSS
Exploits: 9
Hive Pro Threat Advisories
added 2022/01/12 7:45 a.m., 27 views

Privilege escalation vulnerability in Citrix Workspace for Linux

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A local privilege escalation vulnerability could allow a local user to gain root privileges on the computer running Citrix Workspace app for Linux. This vulnerability CVE-2022-21825 affects the Citrix Workspace app for Linu...

2.4 AI score, 0.00041 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/12 7:30 a.m., 72 views

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft has fixed 97 vulnerabilities, with nine classified as Critical and 88 as Important and among them 6 zero-days. The following are the types of security vulnerabilities reported in multiple Microsoft products: 41 Elevation...

10 CVSS, 1.3 AI score, 0.91887 EPSS
Exploits: 24
Hive Pro Threat Advisories
added 2022/01/10 4:34 p.m., 70 views

WordPress fixes multiple security vulnerabilities

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The WordPress development team has released a security update to patch the following four vulnerabilities, three of which have high severity. CVE-2022-21661: A vulnerability exists in the WP_Query class which is caused...

6.5 CVSS, 1 AI score, 0.90365 EPSS
Exploits: 15
Hive Pro Threat Advisories
added 2022/01/10 4:0 p.m., 36 views

A similar vulnerability like Log4shell discovered in H2 database console

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database, a popular Java SQL database console, and has been assigned CVE-2021-42392. It is claimed to be similar to the...

10 CVSS, 2.2 AI score, 0.90592 EPSS
Exploits: 3
Hive Pro Threat Advisories
added 2022/01/06 5:31 a.m., 27 views

High severity vulnerability in VMware Workstation, Fusion, and ESXi

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A heap buffer overflow vulnerability has been discovered in multiple products of VMware. This bug is tracked as CVE-2021-22045 and, if exploited, would result in the execution of arbitrary code by the attacker. Heap...

6.9 CVSS, 1.5 AI score, 0.00408 EPSS
Exploits: 0
Hive Pro Threat Advisories
added 2022/01/06 4:36 a.m., 41 views

Google fixes multiple vulnerabilities in Chrome

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google Chrome has been updated to version 97, which addresses 37 security flaws. Google has classed ten of them as High and one as Critical, while the remaining thirteen have been classified as Medium or Low. These flaws po...

0.8 AI score, 0.00779 EPSS
Exploits: 19
Hive Pro Threat Advisories
added 2022/01/01 10:23 a.m., 13 views

New rootkit iLOBleed targets HP servers

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The rootkit known as iLOBleed has been active since 2020 and is targeting Hewlett-Packard (HP) Enterprise's Integrated Lights-Out (iLO) server management technology to delete data from infected machines and corrupt firmware. The...

0.9 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2021/12/29 9:27 a.m., 367 views

Apache released a patch to address the critical zero-day vulnerability in log4j

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A zero-day remote code execution vulnerability, CVE-2021-44228, was discovered in Apache log4j affecting versions 2.0 to 2.14.1. Apache log4j is a Java logging package used by millions of applications. Cloud services such as...

9.3 CVSS, 0.3 AI score, 0.94358 EPSS
Exploits: 348
Hive Pro Threat Advisories
added 2021/12/26 4:11 a.m., 58 views

Rook: New Ransomware in the market scavenges code from Babuk

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Security researchers found new ransomware dubbed Rook that reuses the code from Babuk which was released earlier. It was initially seen on VirusTotal on November 26th and pwned its first victim, a Kazakh financial...

6.5 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2021/12/25 2:52 a.m., 29 views

Old Gatekeeper bypass vulnerability in macOS exploited

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A Gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue by using a specially-crafted script-based application downloaded from the Internet. This allow...

4.3 CVSS, 0.3 AI score, 0.00189 EPSS
Exploits: 1
Hive Pro Threat Advisories
added 2021/12/16 11:12 a.m., 151 views

Microsoft released patch for actively exploited spoofing vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Microsoft AppX has a spoofing vulnerability that has been assigned CVE-2021-43890. Attackers are taking advantage of this critical vulnerability by deploying well-known malware such as Emotet, Trickbot, and Bazaloader. Thi...

6 CVSS, 8.6 AI score, 0.25241 EPSS
Exploits: 1
Total number of security vulnerabilities: 1589