VMware Warns of Unpatched Critical Cloud Director Vulnerability Nov 15, 2023NewsroomNetwork Securit / Vulnerability VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances Read more…
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers Nov 11, 2023NewsroomThreat Intelligence / Cybercrime A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Read more…
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel Nov 06, 2023NewsroomCyber Attack / Online Security Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), Read more…
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware Oct 26, 2023NewsroomCyber Threat / Social Engineering The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach Read more…
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss Oct 31, 2023NewsroomVulnerability / Data Protection Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in “significant data loss if exploited by an unauthenticated attacker.” Tracked as CVE-2023-22518, the vulnerability is rated Read more…
F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability Nov 01, 2023NewsroomVulnerability / Cyber Attack F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked Read more…