Network Security

CISA: SAP Vulnerabilities Under Active Attack, Poses Data Theft Risk

by Jessica Davis

An active cyberattack campaign was spotted in the wild, targeting systems running unpatched or misconfigured SAP systems. Threat actors are exploiting these vulnerabilities to gain full control of the...

FBI, CISA: APT Actors Exploiting Unpatched Fortinet Vulnerabilities

by Jessica Davis

Advanced persistent threat actors are actively exploiting unpatched vulnerabilities in Fortinet FortiOS platforms belonging to technology services, government agencies, and other private sector...

VMware Issues Patch for 2 Severe Flaws Posing Credential Theft Risk

by Jessica Davis

VMware issued a software update for its vRealize Operations, Cloud Foundation, and Lifecycle Manage to address two severe flaws that could allow an attacker to steal admin credentials and manipulate or...

DHS CISA Shares More Microsoft Exchange Vulnerability Guidance

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released another emergency directive designed to further mitigate vulnerabilities in on-prem Microsoft Exchange...

The Risk and Challenge of Bad Bot Traffic on Healthcare Sites, Apps

by Jessica Davis

Around the world, healthcare entities are steadily making progress on vaccinating individuals against COVID-19. Many of these providers are relying on technology for vaccine appointment scheduling and...

FBI: Mamba Ransomware Actors Weaponizing Freeware Encryption Tool

by Jessica Davis

The threat actors behind Mamba ransomware are weaponizing DiskCryptor, an open source full disk encryption software. The malware encrypts the entire drive, including the operating system, to restrict...

DHS CISA Shares Incident Response Tool for On-Prem Threat Activity

by Jessica Davis

The Department of Health and Human Services Cybersecurity and Infrastructure Security Agency unveiled the CISA Hunt and Incident Response Program (CHIRP) tool, which is designed to support entities...

Microsoft Shares One-Click Mitigation Tool for Exchange Server Flaws

by Jessica Davis

Microsoft unveiled a mitigation tool for small entities and others operating without a designated IT or security team, which is designed to automatically mitigate the recently...

APT Hackers Targeting Unpatched, On-Prem Microsoft Exchange Servers

by Jessica Davis

At least 10 advanced persistent threat (APT) hacking groups are targeting unpatched, on-prem Microsoft Exchange servers, in an effort to exploit the vulnerability and take control of the impacted...

DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released new guidance to help support security leaders and administrators with risk decisions and remediation of...

Microsoft Shares IOC Scan Tool, as Attacks on Exchange Servers Expand

by Jessica Davis

The Assistant Secretary for Preparedness and Response is urging healthcare entities to path the four critical vulnerabilities found in certain Microsoft Exchange Servers, under active exploit....

Vaccine Rollout Spurs 372% Rise Bad Bots; Spear-Phishing Up 26%

by Jessica Davis

The vaccine rollout has spurred an increase in nefarious activities tied to the response. Imperva found a whopping 372 percent surge in bad bot traffic against healthcare sites, while...

Threat Actors Targeting Serious Zyxel Networking Tech Vulnerability

by Jessica Davis

A host of security researchers are warning private sector organizations that threat actors are actively targeting a critical vulnerability found in Zyxel Communication platforms, in an effort to take...

DOJ Indicts Russian Hackers Behind 2017 NotPetya Malware Attack

by Jessica Davis

The Department of Justice announced the indictment of six Russian-backed hackers behind the global 2017 NotPetya malware attack. Though the cyberattack began on a...

Proof-of-Concept Prompts Alert on SharePoint Remote Execution Flaw

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency is urging organizations to review a UK National Cyber Security Centre (NCSC) alert for a remote code execution...

350M Voicemails, Health Details Exposed by Misconfigured Database

by Jessica Davis

Comparitech researchers discovered a trove of Broadvoice databases containing more than 350 million customer records, including names, contact details, and in some...

CISA Urges Patch of Windows Remote Code Execution TCP/IP Flaw, DoS Risk

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency urged all organizations to apply the patch for a remote code execution (RCE) vulnerability...

FBI, CISA Warn APT Hackers Chaining Vulnerabilities in Cyberattacks

by Jessica Davis

Advanced persistent threat (APT) hackers are targeting government networks, critical infrastructure, and election organizations by chaining vulnerabilities – a method of exploiting multiple...

Exploit Code Prompts CISA Alert to Microsoft Netlogon Vulnerability

by Jessica Davis

A recent public exploit for an elevation of privilege vulnerability found in Microsoft’s Netlogon will make unpatched systems a prime target for cybercriminals, according to a recent...

Healthcare Key Target of Hacker Selling Access to Compromised RDP

by Jessica Davis

The hacker known as TrueFighter has reemerged with a campaign actively targeting the remote desktop protocol (RDP) across all sectors, with those in the healthcare industry as...