Security Advisories

3/07/2024

An EDR-disabling tool embedded in device drivers continues to be used by threat actors. This is but one of the many attack vectors that leverage compromised system drivers.

3/04/2024

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks.

1/20/2024

Cisco has disclosed a critical remote code execution (RCE) vulnerability in its Unified Communications Manager (CM) and Contact Center Solutions products.

1/01/2024

Attackers exploit weak passwords and bypass security controls such as MFA to gain access to accounts.

12/23/2023

A critical Bluetooth flaw has been identified that allows attackers to compromise Android, Linux, macOS, and iOS devices, enabling unauthorized takeovers.

12/15/2023

The FBI and CISA have issued warnings about attacks against various industry sectors by the Rhysida ransomware group.

12/15/2023

Please find the security advisory on Scattered Spider social engineering attacks that deploy BlackCat/ALPHV ransomware. The group obtains credentials through phishing, performs push bombing and Subscriber Identity Module (SIM) swapping, and installs remote access tools to bypass Multi-Factor Authentication (MFA).

12/04/2023

Fortinet has released security updates to tackle vulnerabilities in multiple products.

11/09/2023

VMware has released security advisories to address CVE-2023-34048 and CVE-2023-34056, which affect VMware vCenter Server and VMware Cloud Foundation.

10/23/2023

Cisco disclosed a new high-severity zero-day vulnerability (CVE-2023-20273) that is actively being exploited to deploy malicious implants on IOS XE devices.

10/16/2023

Threat actors are abusing LinkedIn’s Smart Links in evasive email phishing attacks.

10/05/2023

FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victim networks to encrypt systems in under two days.

10/04/2023

Progress Software shipped patches for critical-level security flaws in its WS_FTP file transfer software.

9/22/2023

Snatch Ransomware uses Windows Safe Mode and privileged service to bypass AV tools.

8/21/2023

Juniper has released out-of-cycle updates addressing multiple vulnerabilities in Junos OS. A remote attacker could chain these vulnerabilities to execute malicious code on vulnerable devices.

8/14/2023

The new Phishing-as-a-Service platform ‘EvilProxy’ lets attackers bypass Multi-Factor Authentication.

6/02/2023

Barracuda, a provider of network and email security solutions, has informed customers that some of its Email Security Gateways (ESGs) were compromised through a zero-day vulnerability that has since been patched.

4/06/2023

OneNote is making an important change to how it treats embedded files that have dangerous extensions.

3/23/2023

Attackers use Adversary-in-The-Middle (AiTM) phishing sites as an entry point for further financial fraud.

1/19/2023

The Ursnif trojan, also known as Gozi, is one of the most widely spread banking trojans. It is capable of logging keystrokes, exfiltrating data, and tracking network and browser activity.

1/03/2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of the Linux kernel. Authentication is not required to exploit it, but only systems with ksmbd enabled are vulnerable.

12/19/2022

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). Microsoft has now reclassified the vulnerability as “Critical” severity after it was discovered that it could allow attackers to remotely execute code.

12/16/2022

A critical zero-day vulnerability was found in multiple versions of Fortinet’s FortiOS SSL-VPN. CVE-2022-42475 was given a 9.3 on the Common Vulnerability Scoring System (CVSS) and has been exploited in the wild at least once.

12/16/2022

Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway that is being actively exploited.

12/06/2022

Android OEM platform certificates and signing keys are being heavily abused to sign malicious applications and gain privileged access.

12/06/2022

A high-severity type confusion vulnerability in the V8 JavaScript engine affects all Chrome versions and allows attackers to execute arbitrary code remotely. Google has reported that this vulnerability is being actively exploited.

11/29/2022

Billbug is a state-sponsored actor that has targeted a certificate authority and government agencies in multiple Asian countries. The campaign has been ongoing since at least March 2022.

11/02/2022

VMware patches a critical Cloud Foundation vulnerability, tracked as CVE-2021-39144, in the XStream open-source library.

11/01/2022

A newly discovered, fully undetectable PowerShell backdoor created by threat actors uses the unique approach of disguising itself as part of a Windows update process.

10/27/2022

Apple addressed the recently and actively exploited zero-day vulnerability, tracked as CVE-2022-42827, in iOS 16.1 and iPadOS 16 with improved bounds checking.

10/27/2022

Zimbra has released updates to address a critical code execution vulnerability that is being actively exploited. The vulnerability, CVE-2022-41352, affects the Amavis open-source content filter component of Zimbra Collaboration Suite versions 8.8.15 and 9.0.

10/21/2022

Fortinet released updates for the exploited authentication bypass vulnerability CVE-2022-40684, along with mitigation guidance for vulnerable products.

10/19/2022

A new Chinese-language command-and-control (C2) attack framework is being widely used in attacks targeting Windows, Linux, and macOS machines. It deploys a new malware, named Insekt, with remote administration functionality.

10/17/2022

Microsoft announced disabling basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell to improve Exchange Online security.

10/10/2022

Microsoft Exchange Server updates for the previously known zero-day remote code execution vulnerabilities identified as CVE-2022-41040 and CVE-2022-41082.

10/10/2022

Fortinet released patches for a critical authentication bypass vulnerability tracked as CVE-2022-40684 which allows threat actors to log into unpatched FortiGate devices.

10/10/2022

A new phishing campaign by a state-sponsored group, tracked as ZINC, uses weaponized legitimate open-source software such as PuTTY, with objectives focused on espionage, data theft, financial gain, and network destruction.

10/03/2022

• Oktapus phishing - a recent spike in smishing

• New GoLang malware campaign, GO#WEBBFUSCATOR, lures targets into viewing images that are loaded with GoLang malware.

• Microsoft Teams stores unencrypted authentication tokens

• Critical zero-day Sophos Firewall remote code execution vulnerability, CVE-2022-3236, has been patched

• Malicious OAuth applications

10/03/2022

Essential Advisories Recap for September 2022

9/27/2022

Attackers exploited a zero-day remote code execution (RCE) vulnerability in Sophos Firewall. A patch has been released.

9/20/2022

The Vectra security team recently identified that Microsoft Teams stores authentication tokens in unencrypted plaintext, potentially allowing attackers to control communications within an organization.

9/14/2022

Apple released security updates to address multiple vulnerabilities reported in its products.

9/13/2022

A recent malware campaign, named GO#WEBBFUSCATOR, lures targets into viewing historic James Webb space telescope deep field images that are loaded with Golang malware.

9/02/2022

A recent spike in smishing (SMS phishing) shows attackers using text messages to steal remote access credentials and one-time passcodes from employees.

9/02/2022

Essential Advisories Recap for August 2022

8/30/2022

A new, sophisticated post-compromise malware, MagicWeb, used by the previously known Russia-linked NOBELIUM Advanced Persistent Threat (APT) group, is being used to maintain persistent access to compromised environments.

8/23/2022

SOVA, an Android banking trojan first discovered in September 2021, has now been observed with new features.
