Stable Channel Update in Chrome for Windows, Mac and Linux
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A list of security fixes has been addressed in the latest version for Windows, Mac and Linux. There are seven security fixes of which four are high severity vulnerabilities (as per Chrome). …
Network Providers and Devices targeted by Chinese state-sponsored actors
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have released a joint advisory to make organizations in the telecommunications industry aware …
A zero-day vulnerability in Atlassian Confluence
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about a new vulnerability in Atlassian’s Confluence Server and Data Center. This vulnerability is actively exploited in the wild. …
Gitlab addresses critical security vulnerabilities with newer versions
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The new versions of Gitlab address one critical and two high-security flaws (as per Gitlab). Some of these vulnerabilities could be exploited by an attacker to perform a Stored Cross-Site Scripting(XSS) attack. …
Enemybot malware expands its arsenal by exploiting well-known vulnerabilities
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary EnemyBot, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in log4j, VMware workspace, Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat actor behind …
Mozilla addresses security vulnerabilities in Firefox, Firefox ESR, and Thunderbird
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Mozilla has released updates that address up to eight high severity vulnerabilities (as per Mozilla) in Firefox, Firefox ESR, and Thunderbird. These vulnerabilities could allow an attacker to exploit the system and …
New Zoom vulnerabilities can compromise user devices with a single message
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Zoom has addressed four security flaws that, one of them if exploited, can compromise a user via chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious …
Lazarus distributes Nukesped to VMware Horizon Servers by exploiting Log4J
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Lazarus, a North Korean threat actor group, is deploying Nukesped (aka Manuscrypt) malware on unpatched VMware Horizon servers by exploiting the Log4J remote code execution vulnerability. …
New Ransomware Group Axxes is on the rise
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Axxes ransomware is a relatively new ransomware group that appears to be a rebranded version of Midas ransomware. The H Dubai is the latest victim of the threat group, which has previously …
RedLine InfoStealer exploits Google Chrome’s zero-day
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Summary The notorious information-gathering malware RedLine InfoStealer is stealing data from individuals and organizations such as Samsung, Zoom, Cisco, Vodafone, Jio, and Axis Bank by exploiting a two-month-old zero-day vulnerability that affects all chromium-based …