An article in The Register begins with a simple question: Do you have your VMware ESXi hypervisor joined to Active Directory? If you don’t know what The Register is even talking about, pass this article to your IT department directly. The Register explains the significance of a recently patched vulnerability, and why you should patch […]
Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]
Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]
“Two quick taps and we open the door” This may give you second thoughts about any hotel you stay in, or at least what brand of keycard door lock they use for hotel rooms. Andy Greenberg of WIRED reports: When thousands of security researchers descend on Las Vegas every August for what’s come to be […]
Livemint reports: Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset. The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first […]
Bleeping Computer reports: Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. “Google is aware that an exploit for CVE-2023-7024 exists in the wild,” a security advisory published Wednesday said. The company fixed the zero-day bug for users in the Stable Desktop […]
SiliconAngle reports: Cisco Systems Inc.’s Talos Intelligence unit posted today new findings about the North Korean hacking group called Lazarus that outline new ways it’s targeting attacks. “We have observed Lazarus target companies in the manufacturing, agricultural and physical security sectors,” their analysts wrote in the post. The group has been around since 2010 and was responsible most recently […]
From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]
Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]
Microsoft says North Korean hackers stole crypto through Chromium
A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]