High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
Several security flaws were discovered that could be exploited to achieve denial-of-service (DoS) and remote code execution
Read More...CyberConvoy Blog - Live Fearless
Apple emergency updates fix 3 new zero-days exploited in attacks
Local attackers can exploit this flaw (CVE-2023-41992) to escalate privileges
Read More...
GitLab Releases Urgent Security Patches for Critical Vulnerability
The vulnerability has been addressed in GitLab versions 16.3.4 and 16.2.7.
Read More...
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
The threat actor included a summary in the README file and a Streamable video demonstrating how to use the PoC, which added further legitimacy to the malicious package
Read More...
Fake Cisco Webex Google Ads abuse tracking templates to push malware
The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy
Read More...
Ransomware access broker steals accounts via Microsoft Teams phishing
In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file
Read More...
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
Microsoft has fixed an actively exploited local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges
Read More...
Free Download Manager site redirected Linux users to malware for years
The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials
Read More...
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now
CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image
Read More...
Cisco warns of VPN zero-day exploited by ransomware gangs
The medium severity zero-day allows unauthorized remote attackers to conduct brute force attacks against existing accounts
Read More...