Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
Scammers Target NFT Discord Channel
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links. Read more
-
AA22-152A: Karakurt Data Extortion Group
Original release date: June 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury),… Read more
-
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said. Read more
-
Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability
Original release date: May 31, 2022 Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the… Read more
-
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn. Read more
-
Vulnerability Summary for the Week of May 23, 2022
Original release date: May 30, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. 2022-05-24 7.5 CVE-2022-30455 MISC battleye — battleye BattlEye v0.9 contains an unquoted service path which allows attackers to… Read more
-
Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack
Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports. Read more
-
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks. Read more
-
CISA and DoD Release 5G Security Evaluation Process Investigation Study
Original release date: May 26, 2022 CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios:… Read more
-
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server. Read more