In Q1 2022, Spring4Shell and Veeam RCE exploits were at the top of the list. Access control weaknesses are now connected to high-severity CVEs,…
Cybersecurity Threats
Cybersecurity
Supply Chain Cybersecurity: Everyone’s Responsibility
This week, I had a conversation with a new client who revealed that they are eager to solve various internal problems relating to their…
cyberattack
Convergence and Adoption of AI and ML Countering the Cyber Threat
During the last few years, we have witnessed an increase in advanced cyber attacks. Cybercriminals utilize the advanced technology to breach the digital boundary…
Cybersecurity Issues
PrivateLoader Malware Distribution Service is Blossoming in PPI Mode
The Pay-Per-Install (PPI) malware service, PrivateLoader, has been acquiring popularity in delivering a motley of malware. Usually, malware operators pay such service owners to…
Cybersecurity
RedLine malware is used by Fake Windows 11 upgrade installers
Threat actors have started dispersing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and running RedLine stealer malware.…
attackers
Samba-Critical Vulnerability Let Attackers Gain Remote Code Execution
A Virtual File System of Samba was found to be vulnerable to Remote Code Execution. Versions before 4.13.17 were vulnerable to this vulnerability. Samba…
Cross site scripting
Zimbra issues hotfix for XSS vulnerability under active exploitation
Attackers have targeted mailboxes in multiple waves across two attack phases. Business email platform Zimbra has released a hotfix for a cross-site scripting (XSS)…
Android
Android Users were Targeted by Dark Herring
A fraudulent subscription campaign called Dark Herring has targeted over 100 million Android users worldwide. The campaign has been operating for almost two years.…
Cybersecurity
SSRF flaws created in multiple apps via Google Drive integration errors
Execution flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in a mixture of applications, a security researcher has disclosed. This included…
Cybersecurity
Log4j vulnerability targets SolarWinds, ZyXEL devices
SolarWinds and ZyXEL devices are being attacked by cybercriminals who are searching for Log4jShell vulnerability aka log4j vulnerability. The devices are known to contain…