enterprise
Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)
A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the …
Has the MOVEit hack paid off for Cl0p?
The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market …
Thanks Storm-0558! Microsoft to expand default access to cloud logs
Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, …
VirusTotal leaked data of 5,600 registered users
VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about …
Malware delivery to Microsoft Teams users made easy
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the …
PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin …
Microsoft Teams vulnerability allows attackers to deliver malware to employees
Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use …
VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being …
VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network …
Switzerland under cyberattack
Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities …
The multiplying impact of BEC attacks
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are …
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been …