Misconfigured Microsoft endpoint exposes sensitive data from 65K entities
A misconfigured Microsoft endpoint has exposed sensitive data from 65,000 entities across 111 countries, researchers from SOCRadar have allegedly discovered.
Cybersecurity Threat Center
Microsoft September 2022 Security Updates addresses 63 vulnerabilities (5 Critical, 1 zero-day, 1 Spectre-BHP)
The Microsoft September 2022 Security Updates includes patches and advisories for 63 vulnerabilities. Five of those are rated Critical severity, one that addresses a previously disclosed Spectre-BHP flaw, and a zero-day exploited in the wild.
Mirai variant MooBot botnet targets multiple D-Link flaws
Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.
Cybercriminals use proxies and configurations to launch credential stuffing attacks
The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.
Attackers exploit open redirect vulnerability on Amex and Snapchat sites
Attackers have been exploiting a well-known open redirect vulnerability on American Express and Snapchat sites to phish for victim’s personal data.
Microsoft August 2022 Security Updates addresses 121 vulnerabilities (17 Critical and 1 zero-day)
The Microsoft August 2022 Security Updates includes patches and advisories for 121 vulnerabilities, 17 of those rated Critical severity and one zero-day CVE-2022-34713 exploited in the wild.
CISA adds Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to its Known Exploited Vulnerabilities Catalog.
PrestaShop websites vulnerable to major SQL Injection attacks
PrestaShop websites are reported vulnerable to a major SQL Injection vulnerability (tracked as CVE-2022-36408) and have been exploited in the wild since July 2022.
Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated)
The Cybersecurity and Infrastructure Security Agency (CISA) warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.
H0lyGh0st ransomware actors target small and midsize businesses
Security researchers from Microsoft warn threat actors from North Korea are using H0lyGh0st ransomware to target small and midsize businesses around the globe.