Our news
-
Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
The so-called ‘Spring4Shell’ bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
-
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
-
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
-
FBI Releases PIN on Phishing Campaign against U.S. Election Officials
Original release date: March 30, 2022 The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn U.S. election and other state and local government officials about invoice-themed phishing emails that could be used to harvest officials’ login credentials. CISA encourages federal, state, and local government officials to review FBI PIN:…
-
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
-
Mitigating Attacks Against Uninterruptable Power Supply Devices
Original release date: March 29, 2022 CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when…
-
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
-
CISA Adds 32 Known Exploited Vulnerabilities to Catalog
Original release date: March 28, 2022 CISA has added 32 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,…
-
Vulnerability Summary for the Week of March 21, 2022
Original release date: March 28, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat_dc Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context…
-
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor’s appliance suffers from an authentication-bypass issue.