Our news
-
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
-
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux’ security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
-
Vulnerability Summary for the Week of November 15, 2021
Original release date: November 22, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the…
-
Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends
Original release date: November 22, 2021 As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these…
-
Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
Original release date: November 19, 2021 The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The…
-
NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
Original release date: November 19, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects…
-
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
-
Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime
A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 38, along with other…
-
BYOD
The current landscape has changed dramatically. Businesses have had to adapt to new challenges, one of these challenges is accommodating the current workforce. In the age of digital technology, more employees would rather use their own device, such as a laptop, tablet, or phone. Bring Your Own Device or BYOD for short, is a trend that…
-
FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks.