enterprise

Attackers can turn AWS SSM agents into remote access trojans

AWS, cloud computing, cloud security, Don't miss, enterprise, Hot stuff, Mitiga, News, Remote Access Trojan, research /

Attackers can turn AWS SSM agents into remote access trojans 02/08/2023 at 16:02 By Zeljka Zorz Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and […]

React to this headline:

Loading spinner

Attackers can turn AWS SSM agents into remote access trojans Read More »

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

0-day, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, Mnemonic, MobileIron, News, security update, vulnerability /

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target

React to this headline:

Loading spinner

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

0-day, data theft, Don't miss, endpoint management, enterprise, Government, Hot stuff, Ivanti, MobileIron, News, Norway, security update /

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078) 25/07/2023 at 13:37 By Zeljka Zorz A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What is known about the attacks? On Monday,

React to this headline:

Loading spinner

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078) Read More »

Has the MOVEit hack paid off for Cl0p?

Coveware, cybercrime, data theft, Don't miss, Emsisoft, enterprise, extortion, file-sharing, hack, Hot stuff, KonBriefing Research, News /

Has the MOVEit hack paid off for Cl0p? 24/07/2023 at 17:18 By Zeljka Zorz The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. The cyber extortion group has lately switched to setting up company-specific leak

React to this headline:

Loading spinner

Has the MOVEit hack paid off for Cl0p? Read More »

Thanks Storm-0558! Microsoft to expand default access to cloud logs

APT, CISA, cloud security, Don't miss, enterprise, Government, government-backed attacks, Hot stuff, logging, Microsoft, Microsoft 365, News /

Thanks Storm-0558! Microsoft to expand default access to cloud logs 20/07/2023 at 13:31 By Zeljka Zorz Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have announced on Wednesday. The announcements come

React to this headline:

Loading spinner

Thanks Storm-0558! Microsoft to expand default access to cloud logs Read More »

VirusTotal leaked data of 5,600 registered users

Data leak, Don't miss, enterprise, Google, Government, Hot stuff, News, social engineering, spear-phishing, user data, VirusTotal /

VirusTotal leaked data of 5,600 registered users 18/07/2023 at 15:47 By Helga Labus VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). VirusTotal data leak exposed exploitable information Google-owned

React to this headline:

Loading spinner

VirusTotal leaked data of 5,600 registered users Read More »

Malware delivery to Microsoft Teams users made easy

collaboration, Don't miss, enterprise, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, red team, SMBs, vulnerability /

Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default

React to this headline:

Loading spinner

Malware delivery to Microsoft Teams users made easy Read More »

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)

Arcserve, backup, Data Protection, Don't miss, enterprise, Hot stuff, MDSec, News, PoC, vulnerability /

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) 29/06/2023 at 14:17 By Zeljka Zorz An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and

React to this headline:

Loading spinner

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) Read More »

Microsoft Teams vulnerability allows attackers to deliver malware to employees

collaboration, Don't miss, enterprise, Hot stuff, Jumpsec, Malware, Microsoft 365, Microsoft Teams, News, red team, SMBs, vulnerability /

Microsoft Teams vulnerability allows attackers to deliver malware to employees 23/06/2023 at 15:24 By Zeljka Zorz Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out

React to this headline:

Loading spinner

Microsoft Teams vulnerability allows attackers to deliver malware to employees Read More »

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

Don't miss, enterprise, GreyNoise, Hot stuff, News, patch, VMWare, vulnerability /

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) 21/06/2023 at 11:42 By Zeljka Zorz CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are

React to this headline:

Loading spinner

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) Read More »

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

Don't miss, enterprise, Hot stuff, News, PoC, security update, Tenable, VMWare, vulnerability /

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) 15/06/2023 at 13:01 By Helga Labus VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability

React to this headline:

Loading spinner

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) Read More »

Switzerland under cyberattack

Data leak, data theft, DDoS, Don't miss, enterprise, Government, Hot stuff, News, Ransomware, Switzerland /

Switzerland under cyberattack 14/06/2023 at 14:18 By Helga Labus Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were inaccessible on Monday 12 June 2023,

React to this headline:

Loading spinner

Switzerland under cyberattack Read More »

The multiplying impact of BEC attacks

BEC scams, Don't miss, enterprise, FBI, Hot stuff, Microsoft, News, phishing, SMBs, social engineering /

The multiplying impact of BEC attacks 12/06/2023 at 16:22 By Helga Labus The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate sector The FBI

React to this headline:

Loading spinner

The multiplying impact of BEC attacks Read More »

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims

0-day, British Airways, cybercrime, data theft, Don't miss, enterprise, extortion, Hot stuff, News, Orange Cyberdefense, Progress, Rapid7, SMBs, supply chain attacks /

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are

React to this headline:

Loading spinner

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

0-day, data theft, Don't miss, enterprise, extortion, file-sharing, Hot stuff, Mandiant, News, Rapid7, vulnerability /

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many

React to this headline:

Loading spinner

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Threat actors can exfiltrate data from Google Drive without leaving a trace

digital forensics, Don't miss, enterprise, Google, Google Drive, Google Workspace, Hot stuff, Incident Response, Mitiga, News, SMBs, threat hunting /

Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident

React to this headline:

Loading spinner

Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Don't miss, enterprise, firewall, firmware, Hot stuff, News, PoC, Rapid7, security update, SMBs, vulnerability, Zyxel /

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

React to this headline:

Loading spinner

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

Fraudsters send fake invoice, follow up with fake exec confirmation

Armorblox, Don't miss, enterprise, fraud, News, security awareness, SMBs /

Fraudsters send fake invoice, follow up with fake exec confirmation 16/05/2023 at 16:10 By Zeljka Zorz Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

React to this headline:

Loading spinner

Fraudsters send fake invoice, follow up with fake exec confirmation Read More »

Scroll to Top