Your blog category
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns… Read More »SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That’s according to… Read More »Oyster Backdoor Spreading via Trojanized Popular Software Downloads
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly… Read More »U.S. Bans Kaspersky Software, Citing National Security Risks
State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country’s information security agency ANSSI said in an advisory. The attacks… Read More »French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS… Read More »Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. “The… Read More »Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021
Highlights Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration.Top… Read More »Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard… Read More »New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April… Read More »Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations
Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.… Read More »Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw