Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus
Original release date: November 9, 2021 On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus. CISA encourages organizations to review… Read more
-
Multiple BusyBox Security Bugs Threaten Embedded Linux Devices
Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks. Read more
-
Zoho Password Manager Flaw Torched by Godzilla Webshell
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and… Read more
-
Vulnerability Summary for the Week of November 1, 2021
Original release date: November 8, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info aaptjs_project — aaptjs An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. 2021-10-31 7.5 CVE-2020-36380 MISC aaptjs_project — aaptjs An issue… Read more
-
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution. Read more
-
US Blacklists Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime. Read more
-
Critical Linux Kernel Bug Allows Remote Takeover
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other. Read more
-
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
Original release date: November 4, 2021 On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range… Read more
-
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor. Read more
-
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members. Read more