Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

11/01/2024 0 Comments 0 tags

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score:

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

11/01/2024 0 Comments 0 tags

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm

Mandiant’s X Account Was Hacked Using Brute-Force Attack

11/01/2024 0 Comments 0 tags

The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing the hack to a drainer-as-a-service (DaaS) group. “Normally, [two-factor authentication]

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

11/01/2024 0 Comments 0 tags

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. “It looks like

There is a Ransomware Armageddon Coming for Us All

11/01/2024 0 Comments 0 tags

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

11/01/2024 0 Comments 0 tags

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid,

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

11/01/2024 0 Comments 0 tags

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

11/01/2024 0 Comments 0 tags

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control,

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

11/01/2024 0 Comments 0 tags

A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. “This vulnerability allows attackers to coerce

Why Public Links Expose Your SaaS Attack Surface

11/01/2024 0 Comments 0 tags

Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to