According to research by Microsoft Threat Intelligence, known vulnerabilities in the OpenMetadata open source metadata repository have been actively exploited since early April, allowing threat actors to launch remote code…
Category: Cyber Security
Ivanti releases fixes for over 2 dozen vulnerabilities
Ivanti has it released 27 fixes for various vulnerabilities reported in the Q1 2024 release. None of the vulnerabilities are actively exploited, according to the vendor. The company recommends users…
Hackers exploit Fortinet flaw, implement ScreenConnect and Metasploit in new campaign
April 17, 2024PressroomWeb Application Vulnerabilities/Firewall Cybersecurity researchers have discovered a new campaign that exploits a recently discovered security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun…
6 key lessons from Ukraine
COMMENT As the conflict in Ukraine enters its third year, the global community is confronted with the grim reality of modern warfare, where cyber operations have emerged as a key…
Russian APT Deploys New “Kapeka” Backdoor in Attacks in Eastern Europe
April 17, 2024PressroomRansomware/cyber espionage A previously undocumented “flexible” backdoor called Cape Town has been observed “sporadically” in cyberattacks against Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The…
Various botnets target year-old TP-Link flaw in IoT attacks
Numerous botnets are targeting a nearly year-old command-injection vulnerability in TP-Link routers to compromise devices for IoT-based distributed denial of service (DDoS) attacks. There is already a patch for the…
A new headache for SaaS security teams
The introduction of Open AI’s ChatGPT was a watershed moment for the software industry, kicking off a GenAI rush with its release in November 2022. SaaS vendors are now rushing…
A smishing campaign lures victims with notices of unpaid tolls
The FBI warns people about the spread Phishing via SMS (smishing) “state-to-state” campaign that lures people in with messages informing them they have unpaid tolls to resolve. The scam aims…
Critical Atlassian flaw exploited to distribute Linux variant of Cerber ransomware
April 17, 2024PressroomCryptography/Vulnerabilities Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of the Cerber ransomware (also known as C3RB3R). The attacks exploit CVE-2023-22518 (CVSS score: 9.1),…
Sandworm is Russia’s main cyberattack unit in Ukraine
The formidable hacker group Sandworm has played a central role in supporting Russian military objectives in Ukraine over the past two years, even as it has stepped up cyber threat…