CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on July 27, 2023. These...
threatintel
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse The Australian Signals Directorate’s Australian Cyber...
CISA: Ivanti Releases Security Updates for EPMM to address CVE-2023-35081
Ivanti Releases Security Updates for EPMM to address CVE-2023-35081 Ivanti has identified and released patches for a directory traversal vulnerability(link...
CISA: CISA Releases Malware Analysis Reports on Barracuda Backdoors
CISA Releases Malware Analysis Reports on Barracuda Backdoors CISA has published three malware analysis reports on malware variants associated with...
RFP Template for Browser Security
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group...
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick...
Hackers Deploy “SUBMARINE” Backdoor in Barracuda Email Security Gateway Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed...
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's...
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this...
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors...
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called...
New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather...
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said...
Karakurt Ransomware Victim: McAlester Regional Health Center
KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
Karakurt Ransomware Victim: Regional Family Medicine
KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
New Android malware uses OCR to steal credentials from images
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and...
CISA warns of breach risks from IDOR web app vulnerabilities
CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in...
Hawai’i Community College pays ransomware gang to prevent data leak
The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen...
Twitter’s rebranding to ‘X’ triggers Microsoft Edge security alert
Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. Amid its rapid rebranding...
Linux version of Abyss Locker ransomware targets VMware ESXi servers
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in...
Ivanti patches new zero-day exploited in Norwegian govt attacks
Ivanti has fixed another vulnerability in the Endpoint Manager Mobile software (formerly MobileIron Core), exploited as a zero-day to breach the IT systems...
The Week in Ransomware – July 28th 2023 – New extortion tactics
With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. This was...
CISA: New Submarine malware found on hacked Barracuda ESG appliances
CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies'...
