Please turn on your JavaScript for this page to function normally.
social engineering
Black Basta target orgs with new social engineering campaign

Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access …

Ivanti
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of …

ConnectWise
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of …

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, …

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

UPDATE (February 22, 2024, 05:40 a.m. ET): Now designated as CVE-2024-1709 and CVE-2024-1708, the vulnerabilities are under active exploitation. Go here for up-to-date …

AnyDesk
Corporate users getting tricked into downloading AnyDesk

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing …

smb threats
SMBs face surge in “malware free” attacks

“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and …

Hand
Attackers use portable executables of remote management software to great effect

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially …

ConnectWise Automate
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP

ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or …

Netgear BR200
Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed

Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can’t be fixed due to technical limitations outside of …

IoT
Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372)

A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control …

data
Compromised devices and data protection: Be prepared or else

The January 6 riot and storming of the U.S. Capitol demonstrated just how quickly and unexpectedly our devices can fall into the wrong hands. The allegation that one rioter …

Don't miss

Cybersecurity news