August 4, 2023
SonicWall, an American cybersecurity firm, urgently alerted customers to patch critical vulnerabilities detected in its Global Management System (GMS) and Analytics software. These vulnerabilities, numbering 15 in total, allow attackers to bypass authentication in systems running older versions of the software, potentially exposing sensitive data.
August 4, 2023
A detailed analysis of nearly 20 million malware logs available on the dark web and Telegram has highlighted a significant penetration of information-stealing malware into business settings.
August 4, 2023
The Biden administration has unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP) to detail the execution of the national cybersecurity strategy introduced earlier this year. Coordinated by the Office of the National Cyber Director, the plan establishes timelines and assigns responsibilities across 18 federal agencies for around 65 different initiatives.
August 4, 2023
Cybersecurity researchers have unveiled the first-ever open-source software supply chain attacks targeting the banking sector, as detailed by a report from Checkmarx. The attackers demonstrated advanced methods, including targeting specific web components of victim banks by adding malicious functionalities.
August 4, 2023
A critical vulnerability in Fortinet firewalls has put over 300,000 devices at risk of being compromised. The vulnerability, called FortiOS RCE (Remote Code Execution) bug, allows unauthorized individuals to gain control of affected firewalls without authentication or user interaction.
July 7, 2023
Cisco Secure Client Software for Windows, previously known as AnyConnect Secure Mobility Client, has been found to have a significant vulnerability (CVE-2023-20178) that enables attackers to elevate their privileges to the SYSTEM account without requiring any user interaction.
July 7, 2023
The Lazarus Group, a notorious hacking collective with ties to North Korea, has been exploiting vulnerabilities in Windows Internet Information Services (IIS) web servers as a means to infiltrate corporate networks
July 7, 2023
Researchers at Cybereason have uncovered a new malware called RdStealer, which specifically targets Windows systems using Remote Desktop Protocol (RDP). This malware is designed to pilfer sensitive information from drives shared over RDP connections.
July 7, 2023
A zero-day vulnerability has been discovered in MOVEit Transfer, a file transfer software developed by Ipswitch. This vulnerability poses a risk of data theft from organizations.
July 7, 2023
A technique has been discovered by security researchers that enables the delivery of malware through Microsoft Teams, bypassing the file restrictions from external sources.