Security News

Apr 27, 2022

CISA releases 2021 Top Routinely Exploited Vulnerabilities

CISA, in a coauthored statement, has released the top routinely exploited vulnerabilities of 2021.

Apr 20, 2022

Oracle Releases April 2022 Critical Patch Update

Per CISA- Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Apr 19, 2022

Cisco WLC Vulnerability Alert

On Friday, April 15th, Cisco released an advisory to warn of the vulnerability tracked as CVE 2022-20695 (CVSS V3 Score 10.0)

Apr 13, 2022

Microsoft Patch Tuesday Updates

Microsoft Patch Tuesday Updates

Apr 13, 2022

VMware POC Exploit

A POC exploit for VMware has been released taking advantage of an existing RCE vulnerability (CVE 2022-22954 ) currently being used to infect the servers of coin miners. At least one working exploit has been released on Twitter.

Apr 13, 2022

FBI disinfects devices with Cyclops Blink

In early April, the FBI remotely accessed and disinfected US located devices infected with a new botnet malware attributed to the Russian State hacking outfit, Sandworm. The infected devices were primarily firewall devices from WatchGuard and Asus.

Apr 1, 2022

Chrome 0 Day Vulnerability

On March 25th, Google released an update to fix a vulnerability in its Chrome Browser that was actively being exploited.

Mar 30, 2022

Spring4Shell

A critical security vulnerability has appeared in the Spring Cloud function which could allow for RCE (remote code execution). As with Log4Shell, the newly dubbed Spring4Shell is another collection of Java Vulnerabilities.

Mar 29, 2022

Alert (AA22-083A)- Russian State Sponsored Threats to the Energy Sector

Russian State Sponsored Threats to the Energy Sector

Mar 28, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Mar 25, 2022

Lapsus$ Breaches

Data extortion group Lapsus$ has breached Microsoft and Okta.

Mar 14, 2022

Veeam Backup & Replication Issue

Veeam has released patches for two critical issues impacting Backup and Replication which provides backup and restore capabilities for virtual environments running on Hyper-V, vSphere, and Nutanix AHV, as well as for servers and workstations, and for cloud-based workloads.

Feb 28, 2022

FoxBlade Malware

Microsoft Threat Intelligence Center (MSTIC) has identified a new malware being called FoxBlade.

Feb 28, 2022

IsaacWiper and HermeticWizard (aka KillDisk)

Wiper Targets multiple Ukrainian Organizations

Feb 28, 2022

SunSeed

A Lua-based malware/phishing campaign (likely nation-state sponsored), which utilizes compromised Ukrainian armed service member’s email accounts to target European Union government personnel that are involved in managing the logistics of refugees fleeing Ukraine has emerged.