Security Issues, Vulnerabilities, Exploits & Government Alerts
?Jan 26, 2024?NewsroomThreat Intelligence / Cyber Attack Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that…
?Jan 26, 2024?NewsroomCyber Crime / Malware 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department…
?Jan 26, 2024?NewsroomNetwork Security / Vulnerability Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code…
?Jan 25, 2024?NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command Injection, Improper…
?Jan 25, 2024?NewsroomVulnerability / Software Security The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result…
?Jan 25, 2024?NewsroomFileless Malware / Endpoint Security Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that’s distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which…
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform’s surveillance of the Surface, Deep, and Dark Web with insights derived from the…
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is…