Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign
Signs hint at Russia's APT28, aka Fancy Bear, being behind the attacks, according to new research.
Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit
The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have alre...
Report: Cybercriminals laundered at least $86 billion worth of cryptocurrency in 2021
Chainalysis said $33 billion worth of cryptocurrency has been laundered by cybercriminals since 2017.
EyeMed agrees $600,000 settlement over 2020 data breach
The data of roughly 2.1 million individuals was exposed.
This phishing attack uses an unusual trick to spread further
Attackers enroll Outlook on BYO devices with Azure AD and then spread SharePoint PDF lures.
QNAP users still struggling with Deadbolt ransomware after forced firmware updates
Censys said about 4,000 devices are still infected with Deadbolt ransomware.
Best Practices
BrandPost: Lessons Learned from the Microsoft SOC
With trillions of cyber threats in daily circulation, Security Operations Centers (SOCs) must be fast and accurate for detection and response. Everything in ...
How to defend Windows networks against destructive cyberattacks
The Russian cyberattacks on Ukrainian organizations remind us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want...
OMB Issues Zero-Trust Strategy for Federal Agencies
Federal officials tout the strategy as a more proactive approach to securing government networks.
Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign
Signs hint at Russia's APT28, aka Fancy Bear, being behind the attacks, according to new research.
New Threats and Vulnerabilities
CVE-2021-29845
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.
CVE-2022-22932
Apache Karaf obr:* commands and the run goal on the karaf-maven-plugin have a partial path traversal that allows breaking out of the expected folder. The risk is low as ...
CVE-2022-23968
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthentica...
CVE-2022-22790
SYNEL - eharmony Directory Traversal. Directory traversal is an attack against a server or a Web application aimed at unauthorized access to the file system. ...
CVE-2022-22938
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrin...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
Patch Management
This phishing attack uses an unusual trick to spread further
Attackers enroll Outlook on BYO devices with Azure AD and then spread SharePoint PDF lures.
Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities
Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, ...
DazzleSpy: Pro-democracy org hijacked to become macOS spyware distributor
A Safari exploit was being served through a watering hole attack.
UK government launches internal cyber strategy
Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library.
GitHub enables two-factor authentication mechanism through iOS and Android app
GitHub Mobile 2FA will be available to all GitHub users in the App Store and Play Store this week.