December 6, 2023 at 09:52AM CISA removed CVE-2022-28958, a supposed critical flaw in a D-Link router, from its Known Exploited Vulnerability catalog after a review revealed it was not a real vulnerability. VulnCheck debunked the issue, originally believed to allow remote code execution. The flaw was included due to an invalid proof of concept but … Read more
December 5, 2023 at 12:47PM CISA reported two server breaches at a federal agency due to an unpatched Adobe ColdFusion flaw (CVE-2023-26360). The attackers exploited the vulnerability for reconnaissance and malware deployment, but their further malicious activities were hindered. The incidents occurred months after agencies were ordered to patch the flaw, and the attackers’ identities … Read more
December 5, 2023 at 12:07PM CISA warns of ongoing attacks exploiting a critical Adobe ColdFusion vulnerability (CVE-2023-26360), despite a fix. Hackers targeted government servers, installing malware and conducting reconnaissance. Although attacks were contained, CISA stresses updating ColdFusion and enhancing security measures. Meeting Takeaways: 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a … Read more
December 5, 2023 at 03:12AM A new cyber threat, AeroBlade, targeted a U.S. aerospace company in a suspected espionage attempt. The BlackBerry team identified the attack, which utilized spear-phishing, remote template injection, and a malicious VBA macro. Attacks started in September 2022 and became more stealthy over time, culminating in July 2023 with a reverse … Read more
December 4, 2023 at 03:19PM Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA. Meeting Takeaways: 1. … Read more
December 1, 2023 at 02:15PM Agent Raccoon, a novel .NET malware used for espionage, targets organizations globally and is linked to nation-state actors by Unit 42. It masquerades as an updater, using DNS for covert communication and includes tools for credential theft and data exfiltration, with active development indicating evolving capabilities. Meeting Takeaways: 1. A … Read more
December 1, 2023 at 05:48AM The latest Gcore Radar report has revealed an unprecedented surge in DDoS attacks, with intensities surpassing 1.5 Tbps. Gcore successfully defended a gaming industry customer against two substantial DDoS attempts using a variety of defense strategies, including dynamic traffic shaping, anomaly detection, regular expression filters, and collaborative threat intelligence, thereby … Read more
November 29, 2023 at 12:18AM A critical security flaw in Apache ActiveMQ (CVE-2023-46604) is being exploited to distribute the GoTitan botnet and PrCtrl Rat malware for remote control of infected systems. Threat groups like Lazarus are using the flaw to deliver various payloads, including DDoS bots and cryptojackers. Meeting Takeaways: 1. A critical security flaw … Read more
November 27, 2023 at 06:23PM The Google Cloud Cybersecurity Forecast 2024 highlights several key cybersecurity trends. AI technology will be used to create convincing fake audio, video, and images for phishing and disinformation campaigns. Ransomware attacks are increasing, so organizations should have offline backups, incident response plans, and employee training. Cloud environments are vulnerable, so … Read more
November 25, 2023 at 12:18AM An unnamed government entity in Afghanistan fell victim to a sophisticated cyber attack involving a previously unknown web shell called HrServ. The web shell exhibits advanced features and allows threat actors to control the compromised server and carry out various malicious activities. The attack involves the use of a remote … Read more