The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core, adding it to the Known Exploited Vulnerabilities catalog. CVE-2023-35081: Disclosure and Overview The vulnerability, identified as CVE-2023-35082 with…
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered within the widely-used TensorFlow machine learning framework raise concerns about potential supply chain attacks. TensorFlow Vulnerabilities and the Risk of Supply Chain Attacks Praetorian researchers Adnan Khan and John Stawinski highlighted vulnerabilities…
A concerning trend has emerged on the macOS platform. Multiple information stealers have showcased a remarkable ability to outsmart detection, even in the face of frequent monitoring and reporting by security companies. XProtect, macOS’s built-in anti-malware system, is designed to…
Guardio Labs’ research team has recently unearthed a critical zero-day vulnerability in the widely used Opera web browser family. This vulnerability, codenamed MyFlaw, poses a significant threat as it enables attackers to execute malicious files on both Windows and MacOS…
Romanian cybersecurity firm Bitdefender has unveiled multiple security vulnerabilities in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. If successfully exploited, these vulnerabilities could empower attackers to execute arbitrary code on the affected systems, raising concerns about the potential compromise…
GitLab has released crucial security updates for both its Community and Enterprise Editions to counteract two critical vulnerabilities. One of these vulnerabilities has the potential for account hijacking with no user interaction, posing a significant threat to organizations relying on…
Cisco has recently addressed a critical security flaw in its Unity Connection. Unity Connection is a fully virtualized messaging and voicemail solution designed for various platforms, including email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, and tablets.…
Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system, has fallen prey to a newly unearthed zero-day security vulnerability. This flaw, identified as CVE-2023-51467, resides within the login functionality of the system, creating a potential avenue for threat actors to…
The U.S. Justice Department (DoJ) has officially dismantled the notorious BlackCat ransomware operation, presenting a decryption tool to over 500 victims to recover their files encrypted by the malicious software. Court documents reveal that the U.S. Federal Bureau of Investigation…
Microsoft’s December 2023 Patch Tuesday: Wrapping Up the Year Microsoft bids farewell to 2023 with its final Patch Tuesday updates, addressing 33 flaws in its software. Remarkably, this release marks one of the lighter ones in recent years, featuring four…
Apple rolled out a comprehensive set of security updates on Monday, including the critical CVE-2023-45866, addressing severe vulnerabilities across multiple platforms. The updates cover iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser, with a focus on fixing security…
Cybersecurity expert Patrick Wardle recently conducted a comprehensive analysis of a newly discovered macOS ransomware named Turtle. What sets Turtle apart is its cross-platform adaptability, with versions tailored for both Windows and Linux systems. This cross-platform nature hints at a…
Academic researchers at VU Amsterdam university have recently uncovered a novel threat to modern CPUs, presenting a potential challenge to future products from industry giants Intel, AMD, and Arm. This newly identified attack, named SLAM (Spectre based on Linear Address…
WordPress administrators are facing a sophisticated email campaign that leverages fake WordPress security advisories to exploit a non-existent vulnerability, identified as CVE-2023-45124. Security experts from Wordfence and PatchStack have intercepted and reported this malicious campaign, aiming to raise awareness among…
Security researchers have uncovered critical vulnerabilities in the Unified Extensible Firmware Interface (UEFI) code used by various independent firmware/BIOS vendors (IBVs). These UEFI vulnerabilities, collectively named LogoFAIL by Binarly, pose a serious threat as they can be exploited by threat…
Apple has released emergency security updates to address two zero-day vulnerabilities that were actively exploited, bringing the total to 20 zero-days patched in the ongoing year. These vulnerabilities impacted a wide range of Apple devices, including iPhones, iPads, and Macs,…
Joint research by Corvus Insurance and Elliptic has exposed the nefarious exploits of the Russia-linked ransomware gang, Black Basta. Since its emergence in April 2022, this cybercrime syndicate has amassed a colossal $107 million in ransom payments from over 90…
Cybersecurity researchers at Arctic Wolf just uncovered a large-scale CACTUS ransomware campaign exploiting recently disclosed vulnerabilities in Qlik Sense. The latter is a cloud analytics and business intelligence platform. This attack is another instance where threat actors have utilized Qlik…
Cybersecurity researchers at Cybereason have uncovered that one of the latest variants of the notorious DJVU ransomware, dubbed Xaro, is utilizing cracked software as its distribution vector. It is worth noting that this is not the first case of DJVU…
A critical design flaw in Google Workspace’s domain-wide delegation (DWD) feature was just discovered, presenting a potential avenue for threat actors to escalate privileges and gain unauthorized access to Workspace APIs. Meet the DeleFriend Design Flaw in Google Cloud Platform…
