Cybersecurity
Category Added in a WPeMatico Campaign
Nov 07, 2023NewsroomCyber Threat / Malware Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities […]
Nov 07, 2023NewsroomNetwork Security / Vulnerability Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows – CVE-2023-38547 (CVSS score: 9.9) – An unspecified flaw that can be leveraged by an unauthenticated user […]
A previously undocumented proxy botnet called Socks5Systemz is being distributed via PrivateLoader and Amadey malware loaders to infect computers worldwide. According to researchers, the botnet has been around since 2016 but remained under the radar only to be discovered recently. Since October, Socks5Systemz has infected approximately 10,000 systems across the globe, including India, Brazil, Colombia, […]
Estimated reading time: 13 minutes SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads. The compromised domains, used […]
Nov 06, 2023NewsroomData Security / Malvertising An updated version of an information stealer malware known as Jupyter has resurfaced with “simple yet impactful changes” that aim to stealthily establish a persistent foothold on compromised systems. “The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys […]
Nov 06, 2023NewsroomVulnerability / Data Security QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. “If exploited, the vulnerability could allow […]
A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide Vote
Election officials in Mississippi’s most populous county had to scramble to complete required poll worker training after an early September breach involving county computers. In Hinds County, such training is typically completed by early October before a November general election, according to Election Commissioner Shirley Varnado. Instead, office staff members worked right up to Thursday’s […]
Post-quantum cryptography (PQC) algorithms should be implemented to replace vulnerable traditional public key cryptography (PKC) algorithms to mitigate the threat of quantum computers.
Cloud native development practices are creating dangerous new security blind spots for organizations in the US, UK, France and Germany, according to a new study from Venafi. The machine identity specialist polled 800 security and IT leaders from large organizations based in these four countries to compile its latest report: The Impact of Machine Identities on […]