Alert

In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …

A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense, government, telecommunications, and technology entities of Bangladesh, Cloudflare reports. Tracked as SloppyLemming, this group is linked to Outrider Tiger, a threat actor associated with India, previously Crowdstrike said, that uses …

Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers remote control of affected systems. After the initial infection, attackers likely used scanners to find more vulnerable targets and launched dictionary attacks with credentials collected from the compromised systems. The …

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …

CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations. CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8) Microsoft‘s MSHTML …

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

CISA issues five advisories about Industrial Control Systems (ICS) on August 22, 2024. These advisories give important information about security issues, weaknesses, and threats related to ICS. ICSA-24-235-01 Rockwell Automation Emulate3D ICSA-24-235-02 Rockwell Automation 5015 – AENFTXT ICSA-24-235-03 MOBOTIX P3 and Mx6 Cameras ICSA-24-235-04 Avtec Outpost 0810 ICSA-20-282-02 Mitsubishi Electric …

Ivanti issued a security advisory about two important vulnerabilities in its Neurons for IT Service Management (ITSM) platform. Customers using the on-premise version should act quickly. The vulnerabilities (CVE-2024-7569 and CVE-2024-7570) affect Ivanti Neurons for ITSM versions 2023.4 and older, putting them at risk of unauthorized data access and system …

AMD has released a security bulletin about three possible vulnerabilities in its Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. A researcher found vulnerabilities that could let a malicious hypervisor controlled by the host system access or modify the memory of a guest VM. This poses big risks to …

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …