The company informed about the incident to the authorities; the FBI investigated the cyber attack taking the help of many cyber security firms. Harmony’s…
Vulnerabilities
Hacker exploits a zero-day vulnerability in Mitel VoIP
A ransomware attack against an unnamed target used Mitel VoIP equipment as an entry point to execute the code remotely and access the environment. …
Magecraft campaign sheds light on the scale of the ongoing campaign
A Magecart skimming campaign, recently discovered, was traced back to an earlier attack in November 2021. Two malware domains have been tracked for hosting…
WordPress sites updated automatically to fix a critical Plugin flaw
WordPress websites using a popular plugin named Ninha Forums have been automatically updated to fix a critical flaw, and the flaw has been widely…
A Microsoft Office 365 feature can help Ransomware hackers to hack Cloud files
A “dangerous piece of functionality” has been uncovered in Microsoft 365 suite that can be exploited by attackers to ransom files stored on SharePoint…
Vulnerabilities plaguing Mitel IP phones
Cybersecurity researchers have shared details of two medium-security vulnerabilities in Mitel 6800/6900 desk phones, and if the vulnerabilities are successfully exploited, the attackers can…
Researchers identify flaws in Carrier’s Industrial Access Control System
At least 8 vulnerabilities have been discovered in Carrier’s LenelS2 HID Mercury access control system; The system is prevalent in healthcare, education, transportation and…
Spam campaign using SVCReady malware
A new phishing campaign using SVCReady, a known malware, has been observed. “The malware is notable for the unusual way it is delivered to…
Microsoft Office flaw identified by researchers
A zero-day flaw in Microsoft Office has caught the attention of cybersecurity researchers; the flaw can be exploited to execute arbitrary code in affected…
Zyxel rolls out patches for critical firewall OS command injection vulnerability
Zyxel has patched a serious flaw plaguing Zyxel firewall devices, which allows unauthenticated and remote attackers to execute code arbitrarily. “A command injection vulnerability…