Please turn on your JavaScript for this page to function normally.
Microsoft Teams
Black Basta operators phish employees via Microsoft Teams

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft …

attacks
Exploited: Cisco, SharePoint, Chrome vulnerabilities

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s …

Fortinet
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 …

Fortinet
Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability

In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese …

Eye
Microsoft lost some customers’ cloud security logs

Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, …

Fortinet
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls …

EU
EU adopts Cyber Resilience Act to secure connected products

The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA …

Ivanti
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …

Linux
CUPS vulnerabilities could be abused for DDoS attacks

While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote …

North Korea
Private US companies targeted by Stonefly APT

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …

Active Directory
Active Directory compromise: Cybersecurity agencies provide guidance

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that …

SolarWinds Web Help Desk
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …

Don't miss

Cybersecurity news