The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM.. Internet Communication Manager Advanced Desync (ICMAD) is a memory pipes (MPI) desynchronization vulnerability tracked as CVE-2022-22536. An unauthenticated remote attacker could exploit this issue by sending a simple HTTP request to a vulnerable instance and take over it. […]
Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products including Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office […]
A cyberattack hit Vodafone Portugal causing severe outages in the country of its communication and television services. Vodafone Portugal suffered a major cyberattack that caused service outages in the country, media reported the temporary disruption of 4G/5G communications and television services. “Vodafone was the target of a network disruption that began on the night of […]
Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances. The experts warn that the decryptor consumes most of the […]
Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced to have temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. In December, Microsoft addressed a vulnerability, tracked as CVE-2021-43890, in AppX installer that affects Microsoft Windows which is under active exploitation. “We have […]
The Federal Communications Commission (FCC) says that small telecom providers have requested $5.6 billion to replace Chinese gear. The U.S. government has requested telecom providers to replace Chinese equipment in their networks due to security issues and allocated $1.9 billion to support the companies in the transaction. The Federal Communications Commission (FCC) said that the […]
US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. “CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat […]
Retail giant Target is going to open-source an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Merry Maker is a tool designed by Target security developers Eric Brandel and Caleb Walch (@ebrandel and @cawalch) to […]
An alleged Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform. An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability in the Zimbra open-source email platform. The zero-day vulnerability impacts almost any Zimbra install running version 8.8.15. Researchers from […]
Six years ago the Powerful Greek Army (PGA) appeared in the threat landscape. After a long breach the hacker collective is back. I have interviewed them in exclusive … enjoy it! Tell me about your hacker team, which is the motivation behind the attacks? We have many motivations and reasons. First of all, we started […]