Cybersecurity Threat Center Archives

Misconfigured Microsoft endpoint exposes sensitive data from 65K entities

Cloud Security, Configuration Management / Frank Crast / October 21, 2022 / Azure, Blob Storage, BlueBleed, Bucket, Cloud, Cybersecurity Threat Center, SOCRadar

A misconfigured Microsoft endpoint has exposed sensitive data from 65,000 entities across 111 countries, researchers from SOCRadar have allegedly discovered.

Misconfigured Microsoft endpoint exposes sensitive data from 65K entities Read More »

Microsoft September 2022 Security Updates addresses 63 vulnerabilities (5 Critical, 1 zero-day, 1 Spectre-BHP)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 14, 2022 / CVE-2022-34700, CVE-2022-34718, CVE-2022-34721, CVE-2022-34722, CVE-2022-35805, CVE-2022-37969, Cybersecurity Threat Center, Microsoft, Spectre v2, Spectre-BHP

The Microsoft September 2022 Security Updates includes patches and advisories for 63 vulnerabilities. Five of those are rated Critical severity, one that addresses a previously disclosed Spectre-BHP flaw, and a zero-day exploited in the wild.

Microsoft September 2022 Security Updates addresses 63 vulnerabilities (5 Critical, 1 zero-day, 1 Spectre-BHP) Read More »

Mirai variant MooBot botnet targets multiple D-Link flaws

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / Frank Crast / September 11, 2022 / botnet, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, CVE-2022-28958, Cybersecurity Threat Center, D-Link, Mirai, MooBot

Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.

Mirai variant MooBot botnet targets multiple D-Link flaws Read More »

Cybercriminals use proxies and configurations to launch credential stuffing attacks

Application Security, Cybersecurity Attacks, Password Management / Frank Crast / August 22, 2022 / CDN, Cyberattack, Cybersecurity Threat Center, FBI, MFA, OWASP, passwords, SSL

The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.

Cybercriminals use proxies and configurations to launch credential stuffing attacks Read More »

Attackers exploit open redirect vulnerability on Amex and Snapchat sites

Cybersecurity Attacks, Phishing, Vulnerabilities & Exploits / Frank Crast / August 16, 2022 / Amex, Cybersecurity Threat Center, Docusign, FedEx, Google Workspace, INKY, Microsoft, Microsoft 365, phishing, redirect, Snapchat

Attackers have been exploiting a well-known open redirect vulnerability on American Express and Snapchat sites to phish for victim’s personal data.

Attackers exploit open redirect vulnerability on Amex and Snapchat sites Read More »

Microsoft August 2022 Security Updates addresses 121 vulnerabilities (17 Critical and 1 zero-day)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / August 10, 2022 / CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, CVE-2022-30133, CVE-2022-33646, CVE-2022-34691, CVE-2022-34696, CVE-2022-34702, CVE-2022-34713, CVE-2022-34714, CVE-2022-35744, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794, CVE-2022-35804, Cybersecurity Threat Center, DogWalk, MSDT

The Microsoft August 2022 Security Updates includes patches and advisories for 121 vulnerabilities, 17 of those rated Critical severity and one zero-day CVE-2022-34713 exploited in the wild.

Microsoft August 2022 Security Updates addresses 121 vulnerabilities (17 Critical and 1 zero-day) Read More »

CISA adds Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / July 30, 2022 / Atlassian, CISA, Confluence, CVE-2022-26138, Cybersecurity Threat Center

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to its Known Exploited Vulnerabilities Catalog.

CISA adds Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to Known Exploited Vulnerabilities Catalog Read More »

PrestaShop websites vulnerable to major SQL Injection attacks

Cybersecurity Attacks, Malware, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / July 26, 2022 / CVE-2022-36408, Cybersecurity Threat Center, MySQL, PrestaShop, SQL injection, SQLi

PrestaShop websites are reported vulnerable to a major SQL Injection vulnerability (tracked as CVE-2022-36408) and have been exploited in the wild since July 2022.

PrestaShop websites vulnerable to major SQL Injection attacks Read More »

Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated)

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / July 20, 2022 / APT, Aquatic Panda, CGCYBER, CISA, CVE-2021-44228, Cybersecurity Threat Center, Deep Panda, Log4j, log4Shell, UAG

The Cybersecurity and Infrastructure Security Agency (CISA) warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.

Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated) Read More »

H0lyGh0st ransomware actors target small and midsize businesses

Cybersecurity Attacks, Malware, Ransomware / Frank Crast / July 17, 2022 / Andariel, BLTC.exe, BTLC_C.exe, C2, Cybersecurity Threat Center, DarkSeoul, DEV-0530, H0lyGh0st, HolyGhost, HolyLock.exe, HolyRS.exe, Microsoft, MSTIC, North Korea, Plutonium, Ransomware, SiennaBlue, SiennaPurple, Small Business, SMB

Security researchers from Microsoft warn threat actors from North Korea are using H0lyGh0st ransomware to target small and midsize businesses around the globe.

H0lyGh0st ransomware actors target small and midsize businesses Read More »