In analyzing 138 actively exploited vulnerabilities in 2023, Google Mandiant reported Oct. 15 that 70% of them were zero-days, indicating that threat actors are getting much better at identifying vulnerabilities in software. It’s a worrying trend in and of itself, but what caused even more concern among security analysts was that Google Mandiant also found … Read more
The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them run a remote code execution (RCE) on Veeam Backup and Replications servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publication of the proof-of-concept (PoC) developed by watchTowr Labs was delayed … Read more
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to ship spoofed e mail login pages which can be designed to reap customers’ credentials. “Not like different phishing webpage distribution habits by means of HTML content material, these assaults use the response header despatched by a server, which happens … Read more
Cybersecurity researchers have uncovered a novel malware marketing campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The exercise, detected by Proofpoint beginning August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the purpose of concentrating on over 70 organizations worldwide via a bespoke software known as Voldemort … Read more
Who does not fancy incomes US $2.5 million? That is the reward that is on provide from the US Division and State and Secret Service for info resulting in the arrest and/or conviction of a Belarusian man who allegedly was a key determine behind the event and distribution of the infamous Angler Exploit Package. 38-year-old … Read more