USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend. Government experts are aware of the ongoing […]
The Conti ransomware operators are targeting Microsoft Exchange servers leveraging recently disclosed ProxyShell vulnerability exploits. The Conti ransomware gang is targeting Microsoft Exchange servers leveraging exploits with recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers. […]
Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. FireEye’s Mandiant cybersecurity researchers spotted a new malware family, named PRIVATELOG, that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files to avoid detection. Common […]
FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting its operations, causing financial loss and negatively impacting the overall food supply chain. Small farms, large producers, processors and […]
SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […]
The now-fixed CVE-2020-1910 vulnerability in WhatApp ‘s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […]
Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS […]
Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise […]
Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available. An attacker can exploit the […]
Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty program. Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws, including 19 vulnerabilities that were reported through its bug bounty program. Google paid over $130,000 in […]