Xynik

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

by

January 19, 2024 at 06:12AM The US security agency CISA warns of increasing exploitation of two Ivanti Connect Secure VPN vulnerabilities by a Chinese cyberespionage group, compromising over 2,100 devices belonging to various organizations. Additionally, a separate Ivanti product flaw is being exploited. Patches have been released with mitigations, but widespread exploitation continues, including new … Read more

VMware vCenter Server Vulnerability Exploited in Wild 

by

January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed … Read more

Nigerian Businesses Face Growing Ransomware-as-a-Service Trade

by

January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated … Read more

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

by

January 19, 2024 at 03:33AM A recently discovered malicious npm package “oscompatible” was found to deploy a sophisticated remote access trojan on compromised Windows machines. This attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are … Read more

IT consultant fined for daring to expose shoddy security

by

January 19, 2024 at 01:52AM A German security researcher was fined €3,000 for uncovering an e-commerce database vulnerability affecting almost 700,000 customer records. The contractor, Hendrik H., discovered a plain-text password stored in a program file, providing potential access to customer data. Despite initial court support, the Jülich District Court later fined him under Germany’s … Read more

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

by

January 19, 2024 at 12:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised … Read more

Cybercrooks Target Docker Containers With Novel Pageview Generator

by

January 18, 2024 at 03:26PM Cyberattackers are using a new gray-area tool called 9hits Traffic Exchange to generate artificial page views for websites. This tool allows users to buy credits and exchange them for traffic to a specific site, potentially inflating engagement numbers for advertisers. Attackers are targeting Docker services to deploy this tool along … Read more

Reduce Business Email Compromise with Collaboration

by

January 18, 2024 at 03:14PM The Trend Micro’s Trend Vision One™ platform integrates business email security with collaboration, addressing the increasing need for unified protection. It provides comprehensive threat protection, detection, and response across email, servers, cloud, and network, assisting IT and security teams in managing risks effectively. The solution aims to prevent phishing, ransomware, … Read more

Microsoft tests instant access to Android photos in Windows 11

by

January 18, 2024 at 02:47PM Microsoft is introducing a feature for Windows 11, allowing users to quickly access and edit photos and screenshots from their Android smartphones in the Snipping Tool app. This will be achieved by granting PC permission to connect with the Android device, and a Cross Device Experience Host update will be … Read more

JPMorgan exec claims bank repels 45 billion cyberattack attempts per day

by

January 18, 2024 at 02:09PM JPMorgan Chase’s CEO revealed at Davos that the bank fends off 45 billion cyberattack attempts daily, doubling from the previous year. With 62,000 technologists, JPMC claims to outpace Google and Amazon. The financial giant faces perceived risks, revealed by the Bank of England, and a $272m fraud lawsuit, amid ongoing … Read more