enterprise

Attackers can steal NTLM password hashes via calendar invites

authentication, Don't miss, enterprise, Hot stuff, News, Outlook, passwords, SMBs, Varonis, vulnerability, Windows /

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has […]

React to this headline:

Loading spinner

Attackers can steal NTLM password hashes via calendar invites Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian, Atlassian Confluence, CVE, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

React to this headline:

Loading spinner

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Don't miss, enterprise, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) 2024-01-15 at 11:16 By Helga Labus Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat

React to this headline:

Loading spinner

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

“Security researcher” offers to delete data stolen by ransomware attackers

Arctic Wolf Networks, data theft, Don't miss, enterprise, extortion, News, Ransomware, SMBs /

“Security researcher” offers to delete data stolen by ransomware attackers 2024-01-09 at 12:32 By Zeljka Zorz When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised. And even if an organization gets

React to this headline:

Loading spinner

“Security researcher” offers to delete data stolen by ransomware attackers Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

React to this headline:

Loading spinner

Russian hackers target unpatched JetBrains TeamCity servers Read More »

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)

Don't miss, enterprise, firewall, Hot stuff, News, patch, SMBs, Sophos, VulnCheck /

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) 13/12/2023 at 14:17 By Zeljka Zorz Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December

React to this headline:

Loading spinner

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) Read More »

Microsoft will offer extended security updates for Windows 10

consumer, Don't miss, end of support, enterprise, Hot stuff, News, security update, Windows /

Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay

React to this headline:

Loading spinner

Microsoft will offer extended security updates for Windows 10 Read More »

PoCs for critical Arcserve UDP vulnerabilities released

Arcserve, Data Protection, disaster recovery, Don't miss, enterprise, News, PoC, Tenable, vulnerability /

PoCs for critical Arcserve UDP vulnerabilities released 29/11/2023 at 17:46 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution

React to this headline:

Loading spinner

PoCs for critical Arcserve UDP vulnerabilities released Read More »

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

data analytics, Don't miss, enterprise, Hot stuff, News, PoC, Splunk, vulnerability /

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) 27/11/2023 at 13:47 By Zeljka Zorz A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a solution

React to this headline:

Loading spinner

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) Read More »

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

CISA, Don't miss, enterprise, exploit, Hot stuff, News, PoC, Sophos, vulnerability /

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) 20/11/2023 at 14:47 By Helga Labus CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability

React to this headline:

Loading spinner

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) Read More »

From PKI to PQC: Devising a strategy for the transition

DigiCert, Don't miss, Encryption, enterprise, Features, News, Ponemon Institute, quantum computing, strategy /

From PKI to PQC: Devising a strategy for the transition 16/11/2023 at 09:31 By Zeljka Zorz Quantum computers capable of breaking currently used encryption algorithms are an inevitability. And since the US, China and Europe are sprinting to win that arms race, we know that day is coming sooner rather than later. Will organizations be

React to this headline:

Loading spinner

From PKI to PQC: Devising a strategy for the transition Read More »

Juniper networking devices under attack

CISA, Don't miss, enterprise, exploit, firewall, Hot stuff, Juniper Networks, News, vulnerability, WatchTowr /

Juniper networking devices under attack 14/11/2023 at 16:46 By Zeljka Zorz CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been – chained

React to this headline:

Loading spinner

Juniper networking devices under attack Read More »

Microsoft introduces new access policies in Entra to boost MFA usage

access management, Don't miss, enterprise, Hot stuff, identity protection, MFA, Microsoft, Microsoft Entra ID, News, policy /

Microsoft introduces new access policies in Entra to boost MFA usage 07/11/2023 at 18:17 By Helga Labus As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts. Microsoft Entra Conditional

React to this headline:

Loading spinner

Microsoft introduces new access policies in Entra to boost MFA usage Read More »

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, PoC, Praetorian, Project Discovery, SQL injection, traffic monitoring, vulnerability /

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? 02/11/2023 at 14:01 By Zeljka Zorz The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,

React to this headline:

Loading spinner

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? Read More »

MITRE ATT&CK v14 released

Don't miss, enterprise, framework, Hot stuff, MITRE, MITRE ATT&CK, News /

MITRE ATT&CK v14 released 02/11/2023 at 12:16 By Zeljka Zorz MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. MITRE ATT&CK v14 ATT&CK’s goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks. The framework is

React to this headline:

Loading spinner

MITRE ATT&CK v14 released Read More »

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, Praetorian, traffic monitoring, vulnerability /

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian

React to this headline:

Loading spinner

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »

Quishing: Tricks to look out for

consumer, Darktrace, Don't miss, enterprise, Hot stuff, Hoxhunt, Kaspersky, Malwarebytes, News, phishing, QR codes, tips /

Quishing: Tricks to look out for 26/10/2023 at 11:01 By Zeljka Zorz QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as connecting to a

React to this headline:

Loading spinner

Quishing: Tricks to look out for Read More »

Microsoft announces wider availability of AI-powered Security Copilot

Artificial Intelligence, Don't miss, enterprise, Hot stuff, machine learning, malware analysis, Microsoft, News, threat hunting /

Microsoft announces wider availability of AI-powered Security Copilot 23/10/2023 at 15:04 By Helga Labus Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program. What is Microsoft Security Copilot? “Security Copilot is an AI assistant for security teams that builds on the latest in large

React to this headline:

Loading spinner

Microsoft announces wider availability of AI-powered Security Copilot Read More »

Scroll to Top