Ukraine and Eastern Europe defense sector targeted by .NET-based backdoor The defense sector in Ukraine and Eastern Europe has been hit by a new backdoor called DeliveryCheck, also known as CAPIBAR or GAMEDAY. This backdoor is written in the .NET programming language and has the ability to deliver further malicious payloads. The attacks have been
Read More
h3 P2PInfect: A New Worm Targeting Vulnerable Redis Instances Researchers at Palo Alto Networks Unit 42 have recently discovered a new worm called P2PInfect that is specifically designed to target vulnerable Redis instances. This worm, unlike previous ones, can infect both Linux and Windows operating systems, making it more scalable and potent. The P2PInfect worm
Read More
Microsoft Expands Cloud Logging Capabilities to Boost Cybersecurity Investigation Introduction Microsoft has announced an expansion of its cloud logging capabilities, aimed at helping organizations in investigating cybersecurity incidents and gaining more visibility. This move comes after the company faced criticism due to a recent espionage attack campaign on its email infrastructure. The decision is a
Read More
h1: Adobe Releases Updates to Address Critical ColdFusion Flaw h2: Incomplete Fix for CVE-2023-38205 Adobe has released a new set of updates to address an incomplete fix for a critical security flaw in ColdFusion. The flaw, known as CVE-2023-38205, has been actively exploited in the wild and has a CVSS score of 7.5. h2: Improper
Read More
🔒 US Agencies Release Recommendations to Improve Security of 5G Network Slicing Key Points: US cybersecurity and intelligence agencies have issued recommendations for enhancing security in 5G standalone network slicing. Network slicing allows operators to divide a single physical network into multiple virtual networks. The agencies recommend implementing a risk-based approach to identify and address
Read More
The Growing Attack Surface: Why It’s a Concern The attack surface is continuously expanding, outpacing the ability of security teams to keep up. In order to effectively protect your organization, it is vital to understand what is exposed and where attackers are likely to strike. With the prevalence of cloud migration and the subsequent increase
Read More
APT41 Unleashes Android Spyware Introduction The notorious China-linked nation-state actor, APT41, has recently been discovered to be behind the creation of two new strains of Android spyware. These strains, named WyrmSpy and DragonEgg, have not been previously documented. Main Points APT41, known for exploiting web-facing applications and infiltrating traditional endpoint devices, now adds mobile endpoints
Read More
Potential Privilege Escalation Vulnerability in Google Cloud Uncovered Bad.Build Vulnerability in Google Cloud Build Service The Discovery Cybersecurity researchers have recently discovered a privilege escalation vulnerability in Google Cloud. This vulnerability, dubbed “Bad.Build,” has the potential to allow malicious actors to tamper with application images and infect users. The issue is rooted in the Google
Read More
The U.S. Government Adds Cytrox and Intellexa to Economic Blocklist for Cyber Espionage Introduction The U.S. government has recently taken action against two foreign commercial spyware vendors, Cytrox and Intellexa. These companies have now been added to an economic blocklist due to their use of cyber exploits to gain unauthorized access to devices. This move
Read More
Citrix Discovers Critical Security Flaw in NetScaler ADC and Gateway Overview: Citrix has recently identified a critical security vulnerability in its NetScaler Application Delivery Controller (ADC) and Gateway platforms. This flaw, known as CVE-2023-3519, is currently being actively exploited in the wild. It involves code injection, which may lead to unauthenticated remote code execution. The
Read MoreNo products in the cart.