Products

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 24, 2023.

For the latest news on malware and ransomware, check out our weekly Malware Roundup.

Advisories

• More than 3,000 Openfire servers exposed to attacks using a new exploit
• Hackers use public ManageEngine exploit to breach internet org
• New stealthy techniques let hackers gain Windows SYSTEM privileges
• New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
• Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology
• Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist
• New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now
• Akira ransomware gang spotted targeting Cisco VPN products to hack organizations
• FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective
• Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day
• Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks
• New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
• TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords
• Apache XML Graphics Batik Flaw Exposes Sensitive Information
• FBI Warns of Cryptocurrency Heists by North Korea’s Lazarus Group
• Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts

[Read more…] about Cybersecurity Daily: August 24, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 17, 2023.

Advisories

• Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
• Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM
• Citrix ADC, Gateways Still Backdoored, Even After Being Patched
• Cisco Unified Communications Manager Flaw Let Attacker Launch SQL Injection Attacks
• New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
• Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
• Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks
• Kubernetes clusters face widespread attacks across numerous organizations
• New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
• Gigabud RAT Attacking Android Users to Steal Banking Credentials
• Thousands of Android APKs use compression trick to thwart analysis

[Read more…] about Cybersecurity Daily: August 17, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for Tuesday, August 15, 2023.

Advisories

• New CVE-2023-3519 scanner detects hacked Citrix ADC, Gateway devices
• Hackers Use Weaponized PDFs and Chat Apps for C2 to Evade Detection
• Gigabud RAT Android Banking Malware Targets Institutions Across Countries
• Macs are getting compromised to act as proxy exit nodes
• Threat actors use beta apps to bypass mobile app store security
• North Korean Hackers Suspected in New Wave of Malicious npm Packages
• Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
• Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking
• Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
• Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software

[Read more…] about Cybersecurity Daily: August 15, 2023