• Cybersecurity News

CleverSoar Attack Flow | Image: Rapid7Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Viet ... Read more

• Cybersecurity News

Campaign Alpha overview | Image: Trend MicroIn a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEm ... Read more

• Cybersecurity News

QNAP has issued a security advisory regarding multiple critical vulnerabilities in Notes Station 3, a popular application for managing and sharing notes on QNAP devices. These vulnerabilities, with CV ... Read more

• Cybersecurity News

Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users ... Read more

• security.nl

Het Amerikaanse ministerie van Volksgezondheid heeft ziekenhuizen en andere medische instellingen gewaarschuwd voor de 'Godzilla webshell' die bij aanvallen wordt ingezet en lastig te detecteren is (p ... Read more

• Cybersecurity News

The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

• Cybersecurity News

Attach chain | Image: Trend MicroIn a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim r ... Read more

• Trend Micro

Cyber Threats In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. ... Read more

• Cybersecurity News

Attack chain | Image: Trend MicroTrend Micro researchers have uncovered a new and unconventional method used by cybercriminals to deploy the SRBMiner cryptominer on Docker remote API servers. This att ... Read more

• Cybersecurity News

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

• Cybersecurity News

The entire attack flow | Image: Aqua NautilusIn a recent report by Aqua Nautilus researchers Assaf Morag and Idan Revivo, the Linux server community has been alerted to the presence of a particularly ... Read more

• Cybersecurity News

In a significant development for website owners and administrators using Camaleon CMS, a critical security update has been released to address several vulnerabilities, some of which are already being ... Read more

• Cybersecurity News

The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more

• Cybersecurity News

Medusa ransomware ransom note | Image: Unit 42In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoi ... Read more

• Cybersecurity News

The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more

• The Hacker News

Software Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gol ... Read more

• Cybersecurity News

Excel document containing pixelated screenshot | Image: TrellixIn a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access ... Read more

• Cybersecurity News

In a concerning development for cybersecurity giant Fortinet, a potential data breach has come to light, raising alarms about the security of sensitive customer information. The incident reportedly af ... Read more

• Cybersecurity News

Timeline how the WhatsUp Gold Active Monitor PowerShell Script was abused | Image: Trend MicroTrend Micro researchers have uncovered a series of remote code execution (RCE) attacks targeting WhatsUp G ... Read more

• Cybersecurity News

Cybersecurity researchers at FortiGuard Labs have observed multiple campaigns targeting a critical vulnerability in GeoServer, an open-source geospatial data server. Identified as CVE-2024-36401, this ... Read more

• Cybersecurity News

Please enable JavaScriptProgress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and loa ... Read more

• Cybersecurity News

System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending August, 2024Subscribers favorite #1Velvet Ant AP ... Read more

• TheCyberThrone

Microsoft’s threat intelligence team discovered that a known North Korean threat actor exploiting a Chrome remote code execution flaw patched by Google earlier this month.The vulnerability, tracked as ... Read more

• TheCyberThrone

Fortra has released patches for two vulnerabilities in FileCatalyst Workflow impacts version  5.1.6 Build 139 and earlier.The first vulnerability tracked as CVE-2024-6633 with a CVSS score of 9.8 is d ... Read more

• TheCyberThrone

Google’s Threat Analysis Group has uncovered that Russian government-backed APT29 hackers targetting Mongolian government websites using exploits strikingly similar to those developed by commercial sp ... Read more

• TheCyberThrone

The critical template injection vulnerability in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns that allow remote attackers to execu ... Read more

• Cybersecurity News

Attack chain | Image: TrendMicroA recent discovery by cybersecurity researchers at Trend Micro has unveiled a sophisticated new attack vector targeting Atlassian Confluence servers, leveraging the cri ... Read more

• The Hacker News

Cryptojacking / Vulnerability Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit crypto ... Read more

• Trend Micro

Malware Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. Summary Trend Micro researchers ... Read more

• TheCyberThrone

The U.S. CISA added Google Chrome vulnerability to its Known Exploited Vulnerability Catalog following the mass exploitation in the wild.CVE-2024-7965; Google Chromium V8 contains an inappropriate imp ... Read more

• TheCyberThrone

Security researchers from ESET have identified two vulnerabilities in WPS Office for Windows, widely exploited by the APT-C-60 cyberespionage group, which is aligned with South Korea.APT-C-60, known f ... Read more

• TheCyberThrone

Rockwell Automation has released patches for multiple vulnerabilities discovered in its ThinManager ThinServer software. These vulnerabilities, pose significant risks to systems running affected versi ... Read more

• Dark Reading

Source: KT Design via Adobe Stock PhotoThreat actors continue to exploit a critical remote code execution (RCE) Atlassian bug discovered in January, with new attack vectors that turn targeted cloud en ... Read more

• TheCyberThrone

Researchers have uncovered a critical vulnerability in WPML multilingual CMS Plugin for WordPress that leads to a Remote Code Execution, which potentially allows the compromise of impacted websites.Th ... Read more

• Cybersecurity News

Attack chain used in the second attack vectorTrend Micro researchers have uncovered a widespread cryptojacking campaign leveraging a critical vulnerability (CVE-2023-22527) in the Atlassian Confluence ... Read more

• TheCyberThrone

The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitationCVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect ... Read more

• Trend Micro

Exploits & Vulnerabilities A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. Summary The critical vu ... Read more

• TheCyberThrone

The US CISA has added Google Chrome vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-7971 Google Chromium V8 contains a type of confusion ... Read more

• TheCyberThrone

Google has released a patch to address a new Chrome zero-day vulnerability that is actively exploited.The vulnerability tracked as CVE-2024-7965 with a CVSS score of 8.8 is an inappropriate implementa ... Read more

• TheCyberThrone

The U.S. CISA has added CVE-2024-39717 to its Know exploited vulnerability catalog following the massive exploitation evidenceThis vulnerability CVE-2024-39717 affects Versa Networks’ Director GUI, sp ... Read more

• TheCyberThrone

GitHub has addressed several vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories.The most critical vulnerabilit ... Read more

• TheCyberThrone

Security researcher ‘Frost’ has released proof-of-concept exploit code for the high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver could enable local attackers to escalate pri ... Read more

• TheCyberThrone

Security researchers discovered that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices.Last month, C ... Read more

• TheCyberThrone

SolarWinds has released an update to a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.The v ... Read more

• TheCyberThrone

SonicWall has released patch for a critical vulnerability  affecting their SonicOS and could allow unauthorized access to SonicWall firewalls, potentially leading to a complete system compromise.The v ... Read more

• TheCyberThrone

Microsoft has released patches for a critical vulnerability in EDGE Browser that is currently being exploited by malicious actors.This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chr ... Read more

• Cybersecurity News

Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024- ... Read more

• Cybersecurity News

The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6 ... Read more

• TheCyberThrone

The U.S. CISA has added 4 vulnerabilities to it’d Known Exploited Vulnerabilities Catalog (KEV) belongs to Dahua, Microsoft, and Linux products based on the mass exploitationCVE-2022-0185Linux Kernel ... Read more

• TheCyberThrone

Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited.The vulnerability is a type confusion issue that resides i ... Read more

• TheCyberThrone

A high-severity flaw has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications.Spring Security’s powerful method security features ... Read more

• TheCyberThrone

Atlassian has issued a patch for a high severity vulnerability in its Bamboo Data Center and Server products, which is a Remote Code Execution.The vulnerability tracked as CVE-2024-21689 with a CVSS s ... Read more

• TheCyberThrone

During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers.One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a  Br ... Read more

• TheCyberThrone

F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more

• TheCyberThrone

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

• TheCyberThrone

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

• TheCyberThrone

To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network.The researchers a ... Read more