CISA: Critical Microsoft SharePoint bug now actively exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another…
Zombie APIs: The Scariest Threat Lurking in The Shadows?
By Dan Hopkins, VP of Engineering at StackHawk IT modernization and digital transformation initiatives, combined with faster software deployment lifecycles,…
Mandiant, SEC Lose Control of X Accounts Without 2FA
Crypto hacks on Mandiant and SEC X accounts are the predictable result of the social media platform's upcharge for basic…
Cisco says critical Unity Connection bug lets attackers get root
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched…
The Week in Ransomware – January 5th 2024 – Secret decryptors
With it being the first week of the New Year and some still away on vacation, it has been slow…
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack…
‘Black Basta Buster’ Exploits Ransomware Bug for File Recovery
A tool now allows for victim files encrypted by the Black Basta cybercriminal gang to be fully or partially recoverable,…
New Black Basta decryptor exploits ransomware flaw to recover files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for…
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. [...]
In Cybersecurity and Fashion, What’s Old Is New Again
What a recent rise in DDoS attacks portends — and how to prepare for 2024.