Collaborate Disseminate
A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit th… Continue reading Mitel MiCollab zero-day and PoC exploit unveiled
FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and… Continue reading 8 US telcos compromised, FBI advises Americans to use encrypted communications
A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromi… Continue reading Solana’s popular web3.js library backdoored in supply chain compromise
A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat hunting feature to its … Continue reading How widespread is mercenary spyware?
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-… Continue reading PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-en… Continue reading Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals. Matrix (Source: Dutch Police) The Matrix encrypted chat service Matrix – also know as Ma… Continue reading Police takes down Matrix encrypted chat service used by criminals
Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits an… Continue reading Phishers send corrupted documents to bypass email security
ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The p… Continue reading US government, energy sector contractor hit by ransomware
It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test… Continue reading The shocking speed of AWS key exploitation