Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio […]
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server. The flaw was disclosed in November 2021, it resides in the vCenter Server ‘s IWA (Integrated Windows […]
Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. Threat actors initially deployed […]
Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. The experts noticed that the toolkit has an intuitive interface and supports multiple features that allow customers to easily arrange phishing campaigns. The service […]
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by […]
California-based Resecurity has identified a new spike of underground services enabling bad actors to generate deepfakes. According to cybersecurity experts, this may be used for political propaganda, foreign influence activity, disinformation, scams, and fraud. Introduced by Canadian researchers to the public in 2014, Generative Adversarial Networks (GANs), typically imitate people’s faces, speech, and unique facial […]
Toyota Motor Corporation discloses data leak, customers’ personal information may have been exposed after an access key was exposed on GitHub. Toyota Motor Corporation warns customers that their personal information may have been accidentally exposed after an access key was publicly available on GitHub for almost five years. The carmaker discovered recently that a portion […]
Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate […]
The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘KillNet‘ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US. The DDoS attacks have taken the websites offline, users were not […]
The German Interior Minister wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contacts with Russian security services. German Interior Minister Nancy Faeser wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contact with people involved with Russian security […]