VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven… Continue reading VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

RCE vulnerabilities fixed in SolarWinds enterprise solutions

SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT admi… Continue reading RCE vulnerabilities fixed in SolarWinds enterprise solutions

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the … Continue reading QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

Corporate users getting tricked into downloading AnyDesk

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted poten… Continue reading Corporate users getting tricked into downloading AnyDesk

Decryptor for Rhysida ransomware is available!

Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida and its ransomware Rhysida is a relatively new ransomware-as-a-serv… Continue reading Decryptor for Rhysida ransomware is available!

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available… Continue reading Akira, LockBit actively searching for vulnerable Cisco ASA devices

Deepfaked video conference call makes employee send $25 million to scammers

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has reported. The scheme and the deepfake video conference call The attack started… Continue reading Deepfaked video conference call makes employee send $25 million to scammers

Fighting insider threats is tricky but essential work

Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause gr… Continue reading Fighting insider threats is tricky but essential work

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based m… Continue reading PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Ta… Continue reading Attackers can steal NTLM password hashes via calendar invites