MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts

November 9, 2023 at 07:40AM Cybercriminals associated with the Cl0p ransomware gang, known as Lace Tempest, have exploited a zero-day vulnerability in on-prem versions of IT service and help desk software SysAid. Microsoft’s Threat Intelligence discovered the exploits and reported them to SysAid, who promptly released patches. The attackers used a new path traversal vulnerability …

SysAid Zero-Day Vulnerability Exploited by Ransomware Group

November 9, 2023 at 05:30AM SysAid IT service management software has been targeted by a zero-day vulnerability used by a ransomware operation. Microsoft’s threat intelligence team discovered the exploitation and alerted SysAid, who released a patch on November 8. The vulnerability enables arbitrary code execution and was used by the group Lace Tempest, also linked …

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. …

Boeing Breached by Ransomware, LockBit Gang Claims

October 30, 2023 at 03:00PM The ransomware group LockBit claims to have breached Boeing and threatens to release sensitive data if their ransom demands aren’t met by November 2. Boeing is evaluating the claim, and if true, it could lead to significant consequences, including an increased risk of phishing attacks. LockBit, known for their previous …

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

October 25, 2023 at 11:41AM Winter Vivern, a low-profile threat group, has been exploiting a zero-day flaw in Roundcube Webmail servers to target governmental organizations and a think tank in Europe. The group sends a specially crafted email that loads arbitrary JavaScript code, exploiting a newly discovered cross-site scripting flaw. Roundcube has released security …

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

October 25, 2023 at 09:45AM The Winter Vivern threat actor has been using a zero-day vulnerability in Roundcube webmail software to access victims’ email accounts. Winter Vivern has previously targeted Ukraine, Poland, and government entities in Europe and India. The newly discovered vulnerability, CVE-2023-5631, allows for the injection of arbitrary JavaScript code. Attackers employ a …

European govt email servers hacked using Roundcube zero-day

October 25, 2023 at 09:41AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11 by exploiting a zero-day vulnerability in Roundcube Webmail. The Roundcube development team has released security updates to fix the vulnerability. The group, also known as TA473, uses phishing emails containing …

Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches

October 24, 2023 at 03:03PM Rockwell Automation has issued a warning to customers that its Stratix industrial switches are vulnerable to an actively exploited Cisco IOS XE zero-day vulnerability. Hackers have been taking advantage of this vulnerability to create high-privileged accounts and gain complete control of affected devices. Rockwell has confirmed that its Stratix 5800 …

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

October 21, 2023 at 12:33AM Cisco has alerted users to a zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor. The flaw, tracked as CVE-2023-20273, allows for privilege escalation and the deployment of a malicious implant. Cisco has identified a fix and recommends disabling the HTTP server feature until …

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000

October 19, 2023 at 07:06AM Approximately 40,000 Cisco devices have been hacked through an unpatched vulnerability in IOS XE. The vulnerability, identified as CVE-2023-20198, allows attackers to escalate privileges and gain control of the system. Cisco has not released patches and warns that the vulnerability has been exploited as a zero-day since mid-September. Vulnerability …