CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click…

Continue ReadingCISA Adds Eight Known Exploited Vulnerabilities to Catalog

Google Releases Security Updates for Chrome

Google has released Chrome version 101.0.4951.41 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/04/28/google-releases-security-updates-chrome

Continue ReadingGoogle Releases Security Updates for Chrome

Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot…

Continue ReadingBotnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al. We’ve had it beaten into our brains: Before you go wily-nily clicking on a page,…

Continue ReadingBrowser-in-the-Browser Attack Makes Phishing Nearly Invisible

EDoS: The Next Big Threat to Your Cloud

What is EDoS? Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s economies of scale…

Continue ReadingEDoS: The Next Big Threat to Your Cloud

7 old attack vectors cybercriminals still use

Cybercriminals rely on old attack vectors to target organizations, systems and data. Why? They work and are cheap to exploit. Even in today’s age of digital evolution, malicious hackers continue to use attack vectors dating back decades. Research shows notable periods of resurgence relating to certain methods deemed old-fashioned. What…

Continue Reading7 old attack vectors cybercriminals still use

German government advises against using Kaspersky antivirus

Germany's Federal Office for Information Security, BSI, is warning companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany. Kaspersky is a Moscow-based cybersecurity and antivirus provider founded in 1997, that has a long history of success, but also controversy over the…

Continue ReadingGerman government advises against using Kaspersky antivirus

New Linux botnet exploits Log4J, uses DNS tunneling for comms

A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. The newly found malware, dubbed B1txor20 by researchers at Qihoo 360's Network Security Research Lab…

Continue ReadingNew Linux botnet exploits Log4J, uses DNS tunneling for comms

Android trojan persists on the Google Play Store since January

Security researchers tracking the mobile app ecosystem have noticed a recent spike in trojan infiltration on the Google Play Store, with one of the apps having over 500,000 installs and available to download. Most of these apps belong to a family of trojan malware used in various scams, resulting in…

Continue ReadingAndroid trojan persists on the Google Play Store since January

‘Everyone loses’: This new ransomware threatens to wipe Windows PCs if its victims don’t pay up

Ransomware tries to deletes files and render the system unusable. LokiLocker, a relatively new form of ransomware, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion became a hit last year, when ransomware gangs started stealing files before encrypting them to threaten victims with a sensitive data…

Continue Reading‘Everyone loses’: This new ransomware threatens to wipe Windows PCs if its victims don’t pay up