Author Archives: Ravie Lakshmanan

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.
The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a “l… Continue reading Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions→

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The two high-severity issues relate to weaknesses in Zimbra Collaborat… Continue reading Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability→

A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.
“Three autonomous threat groups have since adopted and independently developed… Continue reading Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector→

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser.
“Initial access to… Continue reading Cisco Confirms It’s Been Hacked by Yanluowang Ransomware Gang→

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems.
The new findings come from Palo Alt… Continue reading Hackers Behind Cuba Ransomware Attacks Using New RAT Malware→

Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems.
“By exploiting these issues, an … Continue reading Critical Flaws Disclosed in Device42 IT Asset Management Software→

Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows.
“When a security vulnerability is reported in an action, o… Continue reading GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions→

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia.
Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in S… Continue reading Former Twitter Employee Found Guilty of Spying for Saudi Arabia→

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company.
The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies i… Continue reading Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers→

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twi… Continue reading Hackers Behind Twilio Breach Also Targeted Cloudflare Employees→