Skip to content
Security News, Assessments & Alerts Page 129

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

May 22, 2024NewsroomICS Security / Vulnerability Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity.… 

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs… 

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

May 22, 2024NewsroomVulnerability / Data Breach An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian… 

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

May 22, 2024NewsroomEncryption / Quantum Computing Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future.… 

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985… 

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

May 21, 2024NewsroomCloud Security / Data Security A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. “The VBScript and PowerShell scripts… 

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

May 21, 2024NewsroomData Breach / Malware The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. “The core of…