Skip to content
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention… 

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

Aug 29, 2024Ravie LakshmananIoT Security / Vulnerability A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the… 

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

Aug 29, 2024Ravie LakshmananOnline Crime / Privacy French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following… 

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries… 

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. “The BlackByte ransomware… 

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

Aug 28, 2024Ravie LakshmananPhishing Attack / Data Breach Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the… 

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

Aug 28, 2024Ravie LakshmananSoftware Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known… 

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

Aug 28, 2024Ravie LakshmananWordPress Security / Website Protection A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The…