Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks Nov 23, 2023NewsroomVulnerability / Cyber Threat An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets Read more…
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups Nov 16, 2023NewsroomVulnerability / Email Security A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. “Most of this activity occurred after Read more…
Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities Nov 15, 2023NewsroomPatch Tuesday / Zero-Day Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three Read more…
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server | MSRC Blog November 8, 2022 update – Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no Read more…
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its Read more…