Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack…
‘Black Basta Buster’ Exploits Ransomware Bug for File Recovery
A tool now allows for victim files encrypted by the Black Basta cybercriminal gang to be fully or partially recoverable,…
New Black Basta decryptor exploits ransomware flaw to recover files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for…
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. [...]
In Cybersecurity and Fashion, What’s Old Is New Again
What a recent rise in DDoS attacks portends — and how to prepare for 2024.
The Week in Ransomware – December 22nd 2023 – BlackCat hacked
Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be…
Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days
Attackers were escalating privileges left and right in 2023, thanks to one performance-oriented, security-lacking driver.
Google fixes 8th Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the…
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH…
Ransomware Gangs Use PR Charm Offensive to Pressure Victims
Threat actors are fully embracing the spin machine: rebranding, speaking with the media, writing detailed FAQs, and more, all in…