Category: alerts
Category Added in a WPeMatico Campaign
-
Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. Read more
-
Apple’s ‘Find My’ Network Exploited via Bluetooth
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers. Read more
-
Researchers Flag e-Voting Security Flaws
Paper ballots and source-code transparency are recommended to improve election security. Read more
-
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range. Read more
-
Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware
Original release date: May 11, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company. Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These… Read more
-
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting… Read more
-
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. Read more
-
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. Read more
-
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets. Read more
-
Vulnerability Summary for the Week of May 3, 2021
Original release date: May 10, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ambarella — oryx_rtsp_server A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to… Read more