Collaborate Disseminate
The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily … Continue reading Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations
US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. T… Continue reading National Student Clearinghouse MOVEit breach impacts nearly 900 schools
GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user… Continue reading GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. Getting ready for quantum computing “Quantum computing represen… Continue reading Signal takes a quantum leap with E2EE protocol upgrade
An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro̵… Continue reading Fake WinRAR PoC spread VenomRAT malware
One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers. How users choose and use password managers Us… Continue reading Never use your master password as a password on other accounts
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, disc… Continue reading Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such a… Continue reading MetaStealer malware is targeting enterprise macOS users
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that han… Continue reading Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Micr… Continue reading Microsoft Teams users targeted in phishing attack delivering DarkGate malware