Sophos Guidance on CIRCIA
Credit to Author: Doug Aamoth| Date: Tue, 05 Mar 2024 18:06:53 +0000
Insights to support US organizations impacted by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
Read morecisa
Patch now! Roundcube mail servers are being actively exploited
A vulnerability in Roundcube webmail is being actively exploited and CISA is urging users to install an updated version.
Read moreCISA: Disconnect vulnerable Ivanti products TODAY
CISA has ordered all FCEB agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products.
Read moreArrests in $400M SIM-Swap Tied to Heist at FTX?
Credit to Author: BrianKrebs| Date: Thu, 01 Feb 2024 18:41:37 +0000
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.
Read moreCISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities
CISA has added two Citrix NetScaler vulnerabilities to its vulnerability catalog, with a very short deadline to patch.
Read moreApache ActiveMQ vulnerability used in ransomware attacks
A remote code execution vulnerability in Apache ActiveMQ is being used by the HelloKItty ransomware group.
Read moreCISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it?
Categories: Exploits and vulnerabilities Categories: News Tags: CISA Tags: KEV Tags: catalog Tags: vulnerabilities Tags: prioritize The CISA Known Exploited Vulnerabilities catalog has grown to cover more than 1,000 vulnerabilities since its launch in November 2021. |
The post CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it? appeared first on Malwarebytes Labs.
Read moreA Closer Look at the Snatch Data Ransom Group
Credit to Author: BrianKrebs| Date: Sat, 30 Sep 2023 19:47:57 +0000
Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.
Read moreTwo Apple issues added by CISA to its catalog of known exploited vulnerabilities
Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. |
The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.
Read moreZimbra issues awaited patch for actively exploited vulnerability
Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: ZCS Tags: CVE-2023-38750 Tags: CISA Tags: CVE-2023-0464 Tags: TAG Tags: XSS Tags: JSP Tags: XML Tags: Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. |
The post Zimbra issues awaited patch for actively exploited vulnerability appeared first on Malwarebytes Labs.
Read more