January 2, 2024 at 03:06PM Info-stealing malware can still access compromised Google accounts even after passwords are changed, due to a zero-day exploit first mentioned by the cybercriminal “PRISMA.” The exploit involves regenerating session tokens to access emails and cloud storage. CloudSEK identified the exploit in the undocumented Google OAuth endpoint “MultiLogin.” The discover reveals … Read more
December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. … Read more
December 5, 2023 at 12:07PM CISA warns of ongoing attacks exploiting a critical Adobe ColdFusion vulnerability (CVE-2023-26360), despite a fix. Hackers targeted government servers, installing malware and conducting reconnaissance. Although attacks were contained, CISA stresses updating ColdFusion and enhancing security measures. Meeting Takeaways: 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a … Read more
December 4, 2023 at 03:19PM Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA. Meeting Takeaways: 1. … Read more
November 30, 2023 at 11:36PM Apple rolled out updates for iOS, iPadOS, macOS, and Safari to fix two actively exploited WebKit vulnerabilities. These flaws could potentially leak sensitive data and enable arbitrary code execution. The affected versions precede iOS 16.7.1, and all WebKit-based browsers on Apple devices are impacted. Devices from iPhone XS and certain … Read more
November 29, 2023 at 12:18AM Google patched seven Chrome security issues, including an actively exploited zero-day (CVE-2023-6345) in the Skia graphics library. Users should update to the latest version to prevent potential threats. This marks the sixth zero-day patched in 2023. Chromium-based browser users should also update. Meeting Takeaways: 1. Google has issued security updates … Read more
November 9, 2023 at 09:33AM Threat actors are exploiting a zero-day vulnerability in SysAid software to gain unauthorized access to corporate servers for data theft and ransomware deployment. The vulnerability, currently known as CVE-2023-47246, was used by a threat actor group called Lace Tempest to deploy Clop ransomware. SysAid has developed a patch and urges … Read more
October 25, 2023 at 12:16PM Winter Vivern, a Russia-linked advanced persistent threat (APT) actor, has been exploiting a zero-day vulnerability in the Roundcube webmail server to target government entities and a think tank in Europe. Winter Vivern, also known as TA473, focuses on espionage and has previously targeted NATO countries. It has been targeting email … Read more
October 23, 2023 at 05:07PM Security researchers have observed a sharp decline in the number of infected Cisco IOS XE systems over the weekend. The reason behind this decline is that the attacker altered the implant, making it no longer visible via previous fingerprinting methods. However, nearly 38,000 devices remain compromised if one knows how … Read more
October 23, 2023 at 10:09AM Cisco has released a free software update to address two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise over 50,000 IOS XE devices. The first fixed release available is 17.9.4a, with updates for other releases to be disclosed later. The vulnerabilities are in the web UI of Cisco devices … Read more