CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

May 17, 2024 at 09:57AM CISA added two D-Link product CVEs to its Known Exploited Vulnerabilities Catalog, urging federal agencies to address them promptly. The first CVE, CVE-2014-100005, affects decade-old security flaws in legacy D-Link routers. The second D-Link CVE added is CVE-2021-40655, an information disclosure bug in discontinued DIR-605 routers. CISA also included CVE-2024-4761, …

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

April 26, 2024 at 10:18AM Over 1,400 vulnerable CrushFTP instances are at risk due to a critical server-side template injection bug (CVE-2024-4040). Attackers can escape the virtual file system (VFS) sandbox, gain admin privileges, and execute code. CrushFTP urges immediate upgrades, warning of an exploited vulnerability with potential for data exfiltration. Difficulty in detecting exploitation adds …

Where Hackers Find Your Weak Spots

April 22, 2024 at 10:10AM Cyber scammers frequently use social engineering to infiltrate organizations through four phases: information gathering, relationship development, exploitation, and execution. Attackers gather intelligence from OSINT, SOCMINT, ADINT, DARKINT, and AI-INT to launch targeted social engineering scams. Businesses can lower the risk by training staff, drafting AI-use policies, and leveraging the same …

CrushFTP Patches Exploited Zero-Day Vulnerability

April 22, 2024 at 09:33AM CrushFTP issued patches for a zero-day vulnerability affecting versions 9, 10, and 11. The flaw could allow an unauthenticated attacker to access system files. DMZ server users are protected. Versions 10.71 and 11.1.0 have patches. Customers on version 9 should upgrade. The vulnerability has been exploited in the wild, and …

Hackers exploit Aiohttp bug to find vulnerable networks

March 16, 2024 at 04:48PM ShadowSyndicate, a ransomware actor, has targeted servers vulnerable to CVE-2024-23334 in the aiohttp Python library. The vulnerability allows remote attackers to access files on affected servers. Exploitation attempts were observed, originating from five IP addresses connected to ShadowSyndicate. Cyble’s data shows about 44,170 exposed aiohttp instances globally, making the extent …

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

March 11, 2024 at 06:51AM Threat actors using BianLian ransomware exploit security flaws in JetBrains TeamCity software for extortion-only attacks. The cyberattack involves exploiting TeamCity vulnerabilities to gain initial access, deploying the BianLian backdoor, and using PowerShell for remote communication. VulnCheck also detailed PoC exploits for a critical flaw in Atlassian Confluence, indicating widespread exploitation. …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks …

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024 at 02:09AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities catalog due to active exploitation by threat actors. The vulnerability allows for complete server compromise and has been weaponized to deliver ransomware. Users are urged to …

Critical TeamCity flaw now widely exploited to create admin accounts

March 7, 2024 at 07:34AM Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises. Hundreds of unpatched instances are being compromised, posing a risk of supply-chain attacks. Vulnerable hosts are mainly in Germany, the United States, and Russia. Rapid7 urges an immediate update to fix the severe issue. Key takeaways …

CISA Warns of Windows Streaming Service Vulnerability Exploitation

March 1, 2024 at 08:57AM The US cybersecurity agency CISA added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of active exploitation. The flaw, tracked as CVE-2023-29360, could allow attackers to gain System privileges. CISA urges organizations to apply patches and has a deadline of March …