US-CERT Vulnerability Summary for the Week of July 24, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobiltay_technology -- scienta Improper Neutralization of Special Elements used in an SQL...
News
Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns...
Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to...
A Penetration Testing Buyer’s Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data...
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data...
Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report
Ransomware attacks have shown no signs of slowing down in 2023. A new report from the Malwarebytes Threat Intelligence team...
Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager...
Microsoft Exposes Russian Hackers’ Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state...
“Mysterious Team Bangladesh” Targeting India with DDoS Attacks and Data Breaches
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78...
Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events
Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of...
Hackers exploited Salesforce zero-day in Facebook phishing attack
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable...
Amazon’s AWS SSM agent can be used as post-exploitation RAT malware
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System...
Why Every Security Practitioner Should Attend mWISE
What’s in store for mWISE 2023? 80+ curated sessions. 90+ hand-picked speakers. 7 session tracks. All the hottest topics in...
Over 640 Citrix servers backdoored with web shells in ongoing attacks
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting...
New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak....
Fake FlipperZero sites promise free devices after completing offer
A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser...
Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. Tracked...
Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations...
CISA in New Warning Over Ivanti Vulnerabilities
US and Norwegian security agencies have released a new security advisory warning that APT actors may be combining exploits for...
Russian Cybersecurity Exec Wanted By Russia and US
An employee at a Russian cybersecurity vendor has found himself at the center of a geopolitical tussle between the US...
OT/IoT Malware Surges Tenfold in First Half of the Year
Malware-related cyber-threats in operational technology (OT) and Internet of Things (IoT) environments jumped tenfold in the first six months of...
AI-Enhanced Phishing Driving Ransomware Surge
Government agencies alongside education and healthcare organizations have become prime targets for ransomware operators over the past three years.According to...
AI-Powered CryptoRom Scam Targets Mobile Users
CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilizing generative...
Cloud Firm Under Scrutiny For Suspected Support of APT Operations
The cloud firm Cloudzy has come under scrutiny for its alleged support of advanced persistent threat (APT) operations.In a new...
