PTC License Server Bug Needs Immediate Patch Against Critical Flaw

July 2, 2024 at 02:54PM CISA and PTC reported a critical flaw in an industrial computer-aided design software server (CVE-2024-6071), exposing systems to unauthorized remote access. A patch has been issued for affected Creo Elements/Direct License Servers, and immediate updating is urged. PTC stated there is no evidence of exploitation in the wild and emphasized no impact on the …

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

May 31, 2024 at 10:30AM Microsoft stresses the critical need to secure internet-exposed operational technology (OT) devices as cyber attacks continue to target such environments. The company warns that OT systems lack adequate security, making them vulnerable to exploitation and attacks. To mitigate these risks, organizations are urged to implement security measures and reduce the …

Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

May 8, 2024 at 12:44PM A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more …

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

May 3, 2024 at 05:45AM The U.S. government issued a cybersecurity advisory about North Korean threat actors using spear-phishing campaigns to gather intelligence. They exploit weak DMARC policies to send spoofed emails, targeting foreign policy experts. The group, known as Kimsuky, engages targets in prolonged, benign conversations to build trust and uses fake email addresses …

Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns

April 17, 2024 at 03:31PM OpenMetadata’s open source metadata repository has been actively exploited since April, allowing threat actors to execute cyberattacks against unpatched Kubernetes clusters. Researchers identified five vulnerabilities affecting versions preceding v1.3.1. Cybercriminals are leveraging these vulnerabilities for cryptocurrency mining and may engage in further malicious activities. OpenMetadata administrators are urged to update …

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

April 12, 2024 at 04:48PM A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls has been exploited by threat actor ‘UTA0218’ for over two weeks. The issue permits unauthorized execution of code with root privileges. Palo Alto is expected to release patches by April 14. Organizations are urged to take immediate mitigation steps and be …

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

March 1, 2024 at 08:57AM US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the …

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

February 29, 2024 at 01:35PM The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued a joint Cybersecurity Advisory to warn about cyber threat actors exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Threat actors can bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Organizations are …

#StopRansomware: Phobos Ransomware

February 29, 2024 at 10:42AM The joint Cybersecurity Advisory (CSA) highlights the Phobos ransomware threat, observed as recently as February 2024. It describes the ransomware’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and provides recommendations from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information …

North Korean hackers linked to defense sector supply-chain attack

February 19, 2024 at 03:26PM The BfV and NIS issued a joint advisory warning of cyber-espionage operations by North Korean actors targeting the global defense sector. The attacks focus on stealing military technology and utilizing tactics like supply-chain attacks and social engineering. The advisory provides detailed steps and recommends security measures such as limiting access, …