CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now

May 17, 2024 at 03:39AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added security flaws in D-Link routers to its Known Exploited Vulnerabilities list. The flaws include a CSRF vulnerability affecting D-Link DIR-600 routers and an information disclosure vulnerability impacting D-Link DIR-605 routers. Additionally, a vulnerability in Ivanti EPMM could permit an authenticated local …

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

March 20, 2024 at 03:06AM Critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in TeamCity On-Premises platform allow attackers to gain administrative control. Exploitation includes deploying Jasmin ransomware, XMRig cryptocurrency miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands. Organizations must promptly update affected systems to prevent widespread exploitation. Based on the meeting notes, …

Google Links Over 60 Zero-Days to Commercial Spyware Vendors

February 6, 2024 at 06:18AM A recent report from Google revealed that over 60 zero-day vulnerabilities in Apple, Adobe, Google, Microsoft, and Mozilla products since 2016 are linked to commercial spyware vendors. These companies allegedly aid governments in targeting individuals, contradicting claims of lawful surveillance. The vendors pay millions for exploits, and Google’s Threat Analysis …

CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17

November 14, 2023 at 01:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a November 17 deadline for federal agencies and organizations to address security flaws in Juniper Junos OS. CISA added five vulnerabilities to the Known Exploited Vulnerabilities catalog, with potential for remote code execution. CISA also warned about the Royal ransomware …