Collaborate Disseminate
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources. The severity of the vulnerability is merely ̶… Continue reading High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on Monday. “On August 8th, DigitalOcean discovered that our Mailchimp account… Continue reading DigitalOcean customers affected by Mailchimp “security incident”
The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal. “Among the 1,900 phone numbers, the attacker explicitly searched for three nu… Continue reading 1,900 Signal users exposed following Twilio breach
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. #Yanluowang #ransomware is claiming to have breached #Cisco ! Without any further info… Continue reading Cisco has been hacked by a ransomware gang
Six vulnerabilities in the MiCODUS MV720 GPS tracker that’s used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers to remotely cut fuel to or abruptly stop vehicles. “Attackers could choo… Continue reading Vulnerabilities in popular GPS tracker could allow hackers to remotely stop cars
Malicious individuals are using stolen personally identifiable information (PII) and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week. The increasing malicious use of deep… Continue reading Attackers are using deepfakes to snag remote IT jobs
In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on issues and stats relevant to both the security and development teams. Join the … Continue reading State of Pentesting 2022 report: Interactive event and open discussion
Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breac… Continue reading Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): Certain APT actors have exhibited the capability to gain full system access to … Continue reading APT group has developed custom-made tools for targeting ICS/SCADA devices
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. About CVE-2022-22954 CVE-2022-22954 is, in effect, a server-side template injec… Continue reading Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)