Cybersecurity

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. […]

Cybersecurity

Progress Software discloses 2 new CVEs in MOVEit

Dive Brief: Progress Software disclosed two new high-severity vulnerabilities in the beleaguered MOVEit file-transfer service last week. A privilege escalation path vulnerability, CVE-2023-6218, and a cross-site scripting vulnerability, CVE-2023-6217, were disclosed and patched Nov. 29.  The additional set of vulnerabilities brings the total number of CVEs in MOVEit to eight since a zero-day vulnerability, CVE-2023-34362, […]

Cybersecurity

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Dec 08, 2023NewsroomEndpoint Security / Malware Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. “Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch […]

Cybersecurity

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

Dec 08, 2023NewsroomVulnerability / Website Security WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. “A remote code execution vulnerability that is not directly exploitable in core; however, the security […]