LockBit 3.0 Ransomware: An evolving threat that challenges network defenses and mitigations March 21, 2023
The FBI, CISA, and MS-ISAC have released a joint cybersecurity advisory regarding LockBit 3.0 ransomware as identified through FBI investigations as recently as this month.
Google Releases Chrome 111 Update With Fixes For 7 High Risk Vulnerabilities March 21, 2023
Google has released Chrome 111.0.5563.110 for Mac and Linux and Chrome 111.0.5563.110/.111 for Windows with fixes for seven High severity vulnerabilities.
Microsoft March 2023 Security Updates Fixes 101 Vulnerabilities (9 Critical, 2 zero-days) March 14, 2023
The Microsoft March 2023 Security Updates includes patches and advisories for 101 vulnerabilities, including 9 Critical severity issues and two zero-days exploited in the wild.
Adobe Security Updates For Multiple Products (one Zero day) March 14, 2023
Adobe has released eight advisories addressing multiple vulnerabilities in Adobe Commerce, Experience Manager, Illustrator, Dimension, Creative Cloud, Substance 3D Stager, Photoshop, and ColdFusion products.
Royal Ransomware uses a unique “partial encryption approach” to evade detection March 3, 2023
CISA and FBI have published a joint cybersecurity alert on Royal ransomware used in recent cyberattacks as recently as January 2023. The ransomware uses a unique “partial encryption approach” to evade detection.
Threat actors abuse Windows debugger tool to disguise PlugX trojan attacks February 27, 2023
Researchers have discovered threat actors abusing legitimate open-source debugger tool for Windows to disguise PlugX trojan attacks.
Threat actors launch zero-day attack against Python Package Index (PyPI) packages February 24, 2023
Researchers have discovered threat actors launching zero-day attack against packages in the Python Package Index (PyPI) repository.
CISA Adds IBM and Mitel Vulnerabilities To Known Exploited Vulnerabilities Catalog February 22, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has added IBM and Mitel vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Attackers Exploit Forta GoAnywhere Zero-day Vulnerability February 17, 2023
Attackers have been exploiting a Forta GoAnywhere zero-day vulnerability (CVE-2023-0669).
Microsoft February 2023 Security Updates addresses 79 vulnerabilities (9 rated Critical, 3 zero days) February 16, 2023
The Microsoft February 2023 Security Updates includes patches and advisories for 79 vulnerabilities, including 9 Critical severity remote code execution issues and three zero-days exploited in the wild.
Apple Fixes Exploited Zero-Day Vulnerability (CVE-2023-23529) in IOS, Safari and macOS February 14, 2023
Apple has released an emergency security update that fixes a zero-day exploited vulnerability (CVE-2023-23529) in iOS, Safari, and macOS, under attack in the wild.
CISA Adds Intel, Oracle and 3 other Vulnerabilities To Known Exploited Vulnerabilities Catalog February 10, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has added Intel, Oracle, TerraMaster, Forta, and SugarCRM vulnerabilities to its Known Exploited Vulnerabilities Catalog.
OpenSSL patches multiple vulnerabilities (1 rated High severity) February 10, 2023
OpenSSL has released a security update with fixes for one High risk vulnerability (CVE-2023-0286) and multiple other Moderate severity vulnerabilities.
Clop: New Linux ransomware variant threat February 7, 2023
Researchers from SentinelLabs have spotted the first Linux variant of Cl0p (aka “Clop”) ransomware, targeting Linux systems on December 26, 2022.
Attackers exploit VMware ESXi RCE vulnerability to deliver ESXiArgs ransomware February 7, 2023
French authorities and security researchers warn attackers have been exploiting two-year old VMware ESXi remote code execution (RCE) vulnerability (CVE-2021-21974) to deliver ESXiArgs ransomware.
Microsoft: RaaS attacks continue to evolve and expand February 2, 2023
Microsoft has been tracking over 100 threat actors using 50 unique active ransomware families in attacks around the globe.
Vice Society ransomware gang targets manufacturing firms February 1, 2023
Vice Society ransomware gang has been targeting manufacturing firms in Brazil, Argentina, Switzerland, and Israel, with their own custom-built ransomware.
VMware patches Critical vRealize vulnerabilities January 29, 2023
VMware has patched four vulnerabilities that affect VMware vRealize Log Insight. Two of the vulnerabilities are rated Critical, one High and one Medium severity.
ISC Fixes 4 High Risk BIND Vulnerabilities January 29, 2023
The Internet Systems Consortium (ISC) has released new security updates that fix four High risk vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND).
CISA Adds Telerik and Zoho Vulnerabilities To Known Exploited Vulnerabilities Catalog January 27, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has added Telerik and Zoho vulnerabilities to its Known Exploited Vulnerabilities Catalog.