Summary of Key Points: Microsoft’s Internet Information Services (IIS) is a widely used web server software package created for Windows Server. It’s commonly exploited by threat actors for internet-facing resources, acting as a gateway to access IT environments. New vulnerabilities have arisen, causing security concerns in the IT industry. The Role of Microsoft’s IIS in
Read More
North Korean Cyber-espionage Returns with Social Media Trickery and Zero-Day Exploits 1. An Unsettling Discovery by Google’s TAG Google’s Threat Analysis Group (TAG) has recently stumbled upon a virtual hornet’s nest. The entity behind the troubling activity? None other than our favorite threat actors linked with North Korea. The group appears to be tirelessly targeting
Read More
CISA Flags Unauthorized Access Issues by Nation-State Agents in Fortinet and Zoho Systems The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning that Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus have security flaws. Multiple nation-state actors are exploiting these security weak points to gain unauthorized access to, and establish persistence on,
Read More
Apple issues emergency security updates to fix two zero-day exploits Main Points Apple releases emergency updates to iOS, iPadOS, macOS, and watchOS to address zero-day security flaws. The security issues have been reportedly exploited in the wild to carry out the delivery of NSO Group’s Pegasus spyware. CVE-2023-41061 – a problem in the Wallet application
Read More
New Malvertising Campaign Spreading Updated Atomic Stealer Malware A new malvertising campaign is spreading an updated version of the macOS stealer malware, Atomic Stealer. Atomic Stealer, first seen in April 2023, is an off-the-shelf Golang malware costing a whopping $1,000 per month. New variants of the malware have been seen since its inception, with improved
Read More
Soaring Skywards: vCISO Services Rise by Almost 5 Fold by End 2024 By 2024, a substantial increase in the number of Managed Services Providers (MSPs) and Managed Security Services Providers (MSSPs) offering virtual Chief Information Security Officer (vCISO) services is anticipated. This growth reflects the escalating demand for specialized cybersecurity expertise in business environments. This
Read MoreApache SuperSet Security Gets a Boost with New Patches Main Points: Two new vulnerabilities in Apache SuperSet have been patched. These vulnerabilities (CVE-2023-39265 and CVE-2023-37941) could allow remote code execution by attackers. The update, version 2.1.1, addresses these security breaches by securing Superset’s metadata database. New Patches Head off Security Threats Don’t we all love
Read More
Relax with Pandora? More like Wreak Havoc with Pandora A new strain of Mirai botnet known as Pandora is infiltrating affordable Android-based TV sets and TV boxes. Pandora is part of a botnet conducting distributed denial-of-service (DDoS) security attacks. Doctor Web reveals that either malicious firmware updates or the installation of pirated video content might
Read More
The Great Cache Heist: Chinese-Based Threat Storm-0558 Acquires Microsoft’s Inactive Consumer Signing Key Main points: – China-based threat actor known as Storm-0558 acquired an inactive consumer signing key, compromising Microsoft’s system. – The compromise allowed Storm-0558 to access debugging environment containing a crash dump from April 2021. – The attack was facilitated by the compromise
Read More
Google Drops New Android Security Patches; Targets Pesky Zero-Day Bug – Google releases monthly security update for Android, including fixes for a zero-day vulnerability. – The vulnerability, classified as CVE-2023-35674, is a high-risk privilege escalation problem impacting the Android Framework. – Google suggests that CVE-2023-35674 may be under targeted exploitation. Monthly Security Patches Roll Out
Read MoreNo products in the cart.