All - Security Ticks

IT Vulnerability Weekly Report: Cyble Urges Fixes for Fortinet, Palo Alto & More

IT Vulnerability Weekly Report: Cyble Urges Fixes for Fortinet, Palo Alto & More 2024-10-18 at 11:41 By daksh sharma IT products from Fortinet, Palo Alto Networks, GitLab, Microsoft, Ivanti, Veeam and Zimbra are at high risk of attack and should be patched now. The post IT Vulnerability Weekly Report: Cyble Urges Fixes for Fortinet, Palo […]

React to this headline:

IT Vulnerability Weekly Report: Cyble Urges Fixes for Fortinet, Palo Alto & More Read More »

Critical Vulnerability in Veeam Products Exploited by Ransomware Gangs

All / SecurityTicks

Critical Vulnerability in Veeam Products Exploited by Ransomware Gangs 2024-10-16 at 18:46 By daksh sharma Key Takeaways Overview Threat actors have exploited a recent critical vulnerability in Veeam Backup & Replication to deploy Akira and Fog ransomware. This vulnerability, designated as CVE-2024-40711, is rated 9.8 out of 10.0 on the Common Vulnerability Scoring System (CVSS) scale,

React to this headline:

Critical Vulnerability in Veeam Products Exploited by Ransomware Gangs Read More »

Data Breach and DDoS Attacks Take Archive.org and Open Library Offline

All, cybercrime, data breach, Data leak, DDoS / SecurityTicks

Data Breach and DDoS Attacks Take Archive.org and Open Library Offline 2024-10-12 at 03:19 By Paul Shread Key Takeaways Overview The Internet Archive has taken its Archive.org and OpenLibrary.org sites offline in response to a data breach and repeated DDoS attacks. The breach of a user authentication database, which exposed the email addresses and credentials

React to this headline:

Data Breach and DDoS Attacks Take Archive.org and Open Library Offline Read More »

CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products

All, Ivanti, Ivanti Cloud Service Application, Ivanti Connect Secure, Ivanti Velocity License Server / SecurityTicks

CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products 2024-10-10 at 11:16 By dakshsharma16 Overview The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory report on vulnerabilities disclosed in multiple Ivanti products. These products include Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Service Application (CSA), Ivanti Velocity License Server, Ivanti Connect

React to this headline:

CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products Read More »

Apple Issues Urgent Security Advisory for iOS and iPadOS Vulnerabilities

All / SecurityTicks

Apple Issues Urgent Security Advisory for iOS and iPadOS Vulnerabilities 2024-10-08 at 16:46 By dakshsharma16 Overview Apple has released a new security advisory highlighting the issues affecting Apple’s iOS and iPadOS platforms. As detailed in the advisory, two vulnerabilities have been identified, both of which affect Apple iOS and iPadOS up to version 18.0. The

React to this headline:

Apple Issues Urgent Security Advisory for iOS and iPadOS Vulnerabilities Read More »

Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes

All / SecurityTicks

Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes 2024-09-27 at 12:16 By dakshsharma16 Key Takeaways Overview Cyble Research and Intelligence Lab (CRIL) researchers investigated 11 vulnerabilities in industrial control systems (ICS) for the week of Sept. 17-23 and urged security teams to prioritize patching two of them, in Siemens SIMATIC S7-200

React to this headline:

Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes Read More »

Ranveer Allahbadia YouTube Channel Hack: What Happened and What’s Next

All / SecurityTicks

Ranveer Allahbadia YouTube Channel Hack: What Happened and What’s Next 2024-09-27 at 12:01 By dakshsharma16 On a recent Wednesday night, Ranveer Allahbadia, the popular figure behind the YouTube channels BeerBiceps and his main channel, became a victim of a cyberattack. The Ranveer Allahbadia YouTube channel hack resulted in a complete overhaul of their content and

React to this headline:

Ranveer Allahbadia YouTube Channel Hack: What Happened and What’s Next Read More »

Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products

All, Baxter, Hughes, LOYTEC, Threat Intelligence / SecurityTicks

Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products 2024-09-11 at 19:16 By dakshsharma16 Key Takeaways Overview The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted multiple vulnerabilities in ICS products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Cyble Research & Intelligence Labs (CRIL) stressed critical vulnerabilities and threats identified between

React to this headline:

Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products Read More »

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog

All / SecurityTicks

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-11 at 16:31 By dakshsharma16 The Cybersecurity and Infrastructure Security Agency (CISA) KEV Catalog adds CVE-2016-3714, CVE-2017-1000253, and CVE-2024-40766. The post CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog

All, CVE-2016-3714, CVE-2017-1000253, cybercriminals, Threat Intelligence, vulnerability / SecurityTicks

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-10 at 18:01 By dakshsharma16 Key Takeaways Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding three new vulnerabilities. These newly identified flaws represent significant security risks and are actively being exploited by malicious actors.

React to this headline:

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024

All, Threat Intelligence, vulnerability / SecurityTicks

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024 2024-09-10 at 10:31 By dakshsharma16 Key Takeaways: Overview This Weekly Vulnerability Intelligence Report explores vulnerability updates between August 28 to September 3. The CRIL team investigated 13 vulnerabilities this week, among other disclosed issues, to present critical, high, and medium insights. This comprehensive

React to this headline:

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024 Read More »

Reputational Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)

All / SecurityTicks

Reputational Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC) 2024-09-09 at 15:16 By rohansinhacyblecom Key takeaways Overview CapCut, a video editing tool developed by Bytedance, has become increasingly popular. This popularity has extended to CapCut-themed attacks, which are on the rise among TAs. These themes have been frequently used in phishing campaigns.

React to this headline:

Reputational Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC) Read More »

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats

All, Palo Alto Networks, Threat Intelligence, vulnerability / SecurityTicks

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats 2024-09-03 at 18:46 By dakshsharma16 CERT-In’s advisory on Palo Alto Networks vulnerabilities and WikiLoader’s fake GlobalProtect installers highlight major security risks. Key Takeaways Overview CERT-In’s recent advisory and the emergence of WikiLoader malware highlight pressing security concerns involving Palo Alto Networks applications and new

React to this headline:

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats Read More »

#FreeDurov: Hacktivists Scramble on Telegram Supporting Pavel’s Release

All / SecurityTicks

#FreeDurov: Hacktivists Scramble on Telegram Supporting Pavel’s Release 2024-08-29 at 16:02 By rohansinhacyblecom Executive Summary The arrest of Telegram’s founder and CEO, Pavel Durov, on August 24, 2024, due to allegations that his messaging platform has been used for various illicit activities has sparked significant international attention and debate, particularly around issues of freedom of

React to this headline:

#FreeDurov: Hacktivists Scramble on Telegram Supporting Pavel’s Release Read More »

Investigating the New Jellyfish Loader

All, Malware / SecurityTicks

Investigating the New Jellyfish Loader 2024-07-15 at 17:33 By Neetha Key Takeaways Overview CRIL researchers came across a ZIP file, initially uploaded from Poland. This file contains a Windows shortcut (.lnk). When executed, the .lnk file opens a clean PDF and subsequently downloads and executes a new .NET-based shellcode loader, JellyfishLoader. The new Jellyfish Loader

React to this headline:

Investigating the New Jellyfish Loader Read More »

What is threat management?

All / SecurityTicks

What is threat management? 2024-01-12 at 11:01 By dimpishahcyble What is Threat Management? Threat Management is a comprehensive procedure that identifies, prevents, and responds to cyber threats. A robust threat management process is crucial in minimizing the risk of cyberattacks. By proactively addressing potential threats, organizations can enhance their cybersecurity posture and fortify their defenses

React to this headline:

What is threat management? Read More »

Cyble Chronicles – January 5: Latest Findings & Recommendations for the Cybersecurity Community

All / SecurityTicks

Cyble Chronicles – January 5: Latest Findings & Recommendations for the Cybersecurity Community 2024-01-05 at 14:17 By cybleinc Cyble recaps the week of Dec 29th – Jan 5th and all the major cyber events, company updates and more in this wrap-up. The post Cyble Chronicles – January 5: Latest Findings & Recommendations for the Cybersecurity

React to this headline:

Cyble Chronicles – January 5: Latest Findings & Recommendations for the Cybersecurity Community Read More »

Cyble Chronicles – December 29: Latest Findings & Recommendations for the Cybersecurity Community

All / SecurityTicks

Cyble Chronicles – December 29: Latest Findings & Recommendations for the Cybersecurity Community 2023-12-29 at 13:01 By cybleinc Cyble recaps the week of Dec 22 – Dec 29th and all the major cyber events, company updates and more in this wrap-up. The post Cyble Chronicles – December 29: Latest Findings & Recommendations for the Cybersecurity

React to this headline:

Cyble Chronicles – December 29: Latest Findings & Recommendations for the Cybersecurity Community Read More »

New Editbot Stealer Spreads Via Social Media Messages

All / SecurityTicks

New Editbot Stealer Spreads Via Social Media Messages 11/12/2023 at 18:01 By cybleinc New Editbot Stealer Spreads Via Social Media Messages Key Takeaways Overview On December 5th, CRIL came across a potentially malicious RAR file on VirusTotal. The investigation unfolded rapidly as similar files began surfacing on VirusTotal within a short timeframe. The image below

React to this headline:

New Editbot Stealer Spreads Via Social Media Messages Read More »

New Persian Remote World Selling a Suite of Malicious Tools

All, infostealer, Keylogger, Malware, Persian Loader, Persian RAT, Persian Remote, Persian X Loader, trojan / SecurityTicks

New Persian Remote World Selling a Suite of Malicious Tools 23/11/2023 at 11:46 By cybleinc CRIL analyzes a new website – Persian Remote World – selling malicious software, including RATs and Malware loaders, for monetary gain. The post New Persian Remote World Selling a Suite of Malicious Tools appeared first on Cyble. This article is

React to this headline:

New Persian Remote World Selling a Suite of Malicious Tools Read More »