OT:ICEFALL Research from Forescout Explores Insecure-by-Design State of Operational Technology The latest research from Forescout’s Vedere Labs explores the state of risk management in operatio...
Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal EnterpriseJune 22, 2022
Ransomware is a constantly evolving cyberthreat, and it is through its evolution that ransomware has managed to not only survive, but thrive.
CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management VulnerabilitiesJune 17, 2022
Citrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to exploit.
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws.
CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the WildJune 3, 2022
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available.
CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Too...
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital CurrenciesMay 26, 2022
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites.
Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency.
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.
CVE-2022-1388: Authentication Bypass in F5 BIG-IP F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. This vulnerability is actively...
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services Amazon Web Services has addressed vulnerabilities introduced by the hot patches released in response to the ...
Oracle addresses 221 CVEs in its second quarterly update of 2022 with 520 patches, including 27 critical updates.