Security News
CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog
It’s a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
Read MoreThe Week in Ransomware – January 12th 2024 – Targeting homeowners’ data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. […]
Read MoreGitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. […]
Read MoreJuniper warns of critical RCE bug in its firewalls and switches
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. […]
Read MoreIvanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. […]
Read MoreVolt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
Read MoreNew Rugmi Malware Loader Surges with Hundreds of Daily Detections
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms.
Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi.
“This malware is a loader with three types of components: a downloader that downloads an
Yakult Australia confirms ‘cyber incident’ after 95 GB data leak
Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a “cyber incident” in a statement to BleepingComputer. Both the company’s Australian and New Zealand IT systems have been affected. Cybercrime actor DragonForce which claimed responsibility for the attack has also leaked 95 GB of data. […]
Read MoreWhat you should be doing when you receive an unsolicited One Time Passcode
If you receive an unsolicited One Time Passcode (OTP) for a service that you use, either as an SMS or Email you should be concerned and act immediately! Why should I be concerned? This basically means that your credentials have been stolen and someone is trying to gain access to your account. The only reason…
Read MoreMicrosoft Outlook Zero-Click Security Flaws Triggered by Sound File
Attackers can chain the vulnerabilities to gain full remote code execution.
Read More