Three new Kaseya zero-day vulnerabilities were just disclosed in Kaseya Unitrends, including an RCE and an authenticated privilege escalation on the client-side. According to a recently released public advisory warning, the Kaseya service should be kept off the internet until…
Researchers from CISA, ACSC, NCSC, and the FBI compiled a list of the most exploited vulnerabilities throughout 2020. Apparently, cybercriminals leveraged recently disclosed security flaws to get into vulnerable systems. According to details available the U.S. government, most of the…
Cybersecurity researchers just reported a new ransomware gang, called BlackMatter, claiming to be the successor of REvil. Related: Kaseya Obtains Universal Decryption Key for REvil Ransomware A New Ransomware Player: BlackMatter The BlackMatter ransomware is currently targeting companies with revenue…
A zero-day vulnerability in iOS, iPadOS, and macOS was just fixed with an urgent security update. Apple said the zero-day may have been exploited. CVE-2021-30807 Zero-Day Exploited in the Wild Known as CVE-2021-30807, the flaw is a memory corruption issue…
Olympic Games Tokyo Data Leak Reported According to a government official, an online data leak affecting the personal information of Tokyo Olympics ticket purchasers has happened, Kyodo News recently reported. The same details of Paralympic ticket owners and individuals who…
Kaseya, the company that got hit by a large-scale REvil ransomware attack, says it has obtained the official decryption key, three weeks after the attack took place. Kaseya Obtains Universal Decryptor “On 7/21/2021, Kaseya obtained a decryptor for victims of…
A critical flaw in the Atlassian platform, in multiple versions of its Jira Data Center and Jira Service Management Data Center products, should be patched immediately. The software engineering platform is used by 180,000 customers which are now endangered by…
New Oracle WebLogic Server vulnerabilities were just reported with the Critical Patch Update for July 2021. 342 issues were fixed across multiple Oracle products, some of which remotely exploitable and enabling attackers to take control of vulnerable systems. CVE-2019-2729 in…
Formbook is an old infostealer, more exactly form-stealer, and keylogger that has now added Mac users to its target list. Apparently, the malware is being sold for as little as $49 on underground forums, enabling cybercriminals to perform various malicious…
A new, highly severe privilege escalation vulnerability in HP printer drivers, also used by Samsung and Xerox, was just disclosed. The vulnerability, which has been assigned the CVE-2021-3438 identifier, affects hundreds of millions of Windows machines. What is most concerning…
A new severe security vulnerability in Windows 10 has been uncovered. Called HiveNightmare, the vulnerability has been assigned the CVE-2021-36934 identifier. HiveNightmare: CVE-2021-36934 Windows 10 Version 1809 (and Newer) Vulnerability What type of vulnerability is HiveNightmare? According to Microsoft’s official…
The latest news shared by one of the social media giants – Facebook, states that the company had suspended the accounts of 200 Iranian hackers who had been running a cyber-spying operation against people working for the U.S. military and…
Microsoft Windows July 2021 Patch Tuesday just rolled out, patching 12 critical security vulnerabilities in a total of 116 issues. It is noteworthy that three of the issues addressed this month were actively exploited in the wild. These bugs include…
There is a new security zero-day vulnerability (CVE-2021-35211) threatening SolarWinds, or more particularly, its Serv-U product line. The exploit was discovered and reported to SolawWinds by Microsoft. According to the official advisory, the newly disclosed zero-day “only affects affects Serv-U…
Security researchers reported several vulnerabilities in Philips Clinical Collaboration Platform Portal. Vulnerabilities in Philips Clinical Collaboration Platform Portal The vulnerabilities, 15 in total, could be used to take control of medical devices. According to an official CISA advisory, the flaws…
Security researchers just disclosed four vulnerabilities in the Sage X3 ERP platform (enterprise resource planning). One of the flaws is critical, with a score of 10 out of 10 on the CVSS scale. Furthermore, two of them could be chained…
Security researchers recently reported a vulnerability in Western Digital MyBook Live network storage drives. The vulnerability allowed remote attacker to wipe the drives “thanks to a bug in a product line the company stopped supporting in 2015, as well as…
Last week, the REvil ransomware gang carried out an unprecedented supply chain ransomware attack against customers of Kaseya’s VSA product. Update July 6, 2021: Even though the REvil cyber gang claims to have infected 1 million systems running Kaseya services, federal…
A new ransomware family was just discovered by security researchers. Called Diavol, the new ransomware was uncovered at the beginning of June, when Fortinet prevented a ransomware attack targeting one of its customers. After successfully halting the attack, the researchers…
Security researchers discovered a nameless malware campaign that stole 1.2 terabytes of personal information from 3.25 million Windows systems. As evident by screenshots the malware took, the campaign took place between 2018 and 2020, when a trojan sneaked into users’…
