Category: Uncategorized
-
Ivanti zero-day vulnerabilities exploited in chained attack
Post ContentRead More
-
Social Media Accounts: The Weak Link in Organizational SaaS Security [email protected] (The Hacker News)
Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a…
-
What is OPSEC (operations security)?
Post ContentRead More
-
Synacor Zimbra Collaboration Command Execution Vulnerability
Hackers are exploiting a recently fixed RCE vulnerability in Zimbra email servers, which can be exploited just by sending specially crafted emails to the SMTP server.Read More
-
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild [email protected] (The Hacker News)
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional…
-
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks [email protected] (The Hacker News)
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC)…
-
Ivanti CSA (Cloud Services Appliance) zero-day Attack
What is the Attack?Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could lead an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely.The FortiGuard Incident Response (IR) team has been engaged in one of the compromised CSA (Cloud Services Appliance). As the…
-
Risk & Repeat: Is Microsoft security back on track?
Post ContentRead More
-
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited [email protected] (The Hacker News)
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an…
-
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines [email protected] (The Hacker News)
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. “These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a new report published today, adding “this…