Cybersecurity Daily

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 17, 2023.

Advisories

• Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
• Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM
• Citrix ADC, Gateways Still Backdoored, Even After Being Patched
• Cisco Unified Communications Manager Flaw Let Attacker Launch SQL Injection Attacks
• New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
• Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
• Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks
• Kubernetes clusters face widespread attacks across numerous organizations
• New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
• Gigabud RAT Attacking Android Users to Steal Banking Credentials
• Thousands of Android APKs use compression trick to thwart analysis

[Read more…] about Cybersecurity Daily: August 17, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for Tuesday, August 15, 2023.

Advisories

• New CVE-2023-3519 scanner detects hacked Citrix ADC, Gateway devices
• Hackers Use Weaponized PDFs and Chat Apps for C2 to Evade Detection
• Gigabud RAT Android Banking Malware Targets Institutions Across Countries
• Macs are getting compromised to act as proxy exit nodes
• Threat actors use beta apps to bypass mobile app store security
• North Korean Hackers Suspected in New Wave of Malicious npm Packages
• Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
• Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking
• Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
• Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software

[Read more…] about Cybersecurity Daily: August 15, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for Wednesday, August 9, 2023.

Advisories

• EvilProxy phishing campaign targets 120,000 Microsoft 365 users
• Microsoft Releases Patches for 74 New Vulnerabilities in August Update
• Microsoft Visual Studio Code flaw lets extensions steal passwords
• Microsoft Patch Tuesday, August 2023 Edition
• Intel Addresses 80 Firmware, Software Vulnerabilities
• 40 Vulnerabilities Patched in Android With August 2023 Security Updates
• 16 Zero-Day Vulnerabilities Discovered in CODESYS Affect Millions of Industrial Devices
• Beware of New Malware Attack Disguised As Google Bard Ads On Facebook
• Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files
• SAP Patches Critical Vulnerability in PowerDesigner Product

[Read more…] about Cybersecurity Daily: August 9, 2023

Your dose of relevant cybersecurity advisories, industry news, and product updates for Thursday, August 3, 2023.

Advisories

• Over 640 Citrix Servers Compromised Using RCE Vulnerability
• Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign
• Microsoft Catches Russian Government Hackers Phishing with Teams Chat App
• It’s a hot 0-day summer for Apple, Google, and Microsoft security fixes
• Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan
• New hVNC macOS Malware Advertised on Hacker Forum

[Read more…] about Cybersecurity Daily: August 3, 2023