Critical Flaws Found In Four Cisco SMB Router Ranges
Cisco has revealed four of its small business router ranges have critical flaws – for the second time in 2022 alone
Read More...
Microsoft accounts targeted with new MFA-bypassing phishing kit
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication.
Read More...
VMware urges admins to patch critical auth bypass bug immediately
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
Read More...
LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.
Read More...
July Patch Tuesday patches include fix for exploited zero-day CVE-2022-30221
July Patch Tuesday patches include fix for exploited zero-day Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that are due for
Read More...
Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VMSecurity Affairs
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant
Read More...
HavanaCrypt ransomware sails in as a fake Google update
Difficult to detect, hiding its window by using the ShowWindow function in Windows
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.…
Read More...
Qbot collects user information and passwords in 30 minutes
An information-stealing malware (Qbot) has recently emerged, and according to the analysis, it only takes 30 minutes for it to exfiltrate all the user browser data and emails from Outlook, and only 50 minutes to spread across the whole network. This malware has been seen in the wild used by many adversaries such as REvil,
Read More...
SEO Poisoning used to distribute malware through Zoom, TeamViewer, Visual Studio installers
About the technique SEO poisoning technique is used to trick users into downloading installers (for TeamViewer, Zoom, Visual Studio, and possibly other software) bundled with “Batloader” and “Atera”. Those installers are distributed using compromised websites that appear in search results after entering certain keywords. Those keywords include “free productivity apps installation” or “free software development
Read More...