Cyber Security Informer

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

The Hacker News

SEPTEMBER 14, 2021

Of the 66 flaws, three are rated

Software

CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 29, 2022

On March 27, the US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. One of the 66 flaws added to the catalog is the recently discovered Windows CVE-2022-21999 vulnerability, which is a Windows Print Spooler Elevation of Privilege bug.

Engineering

Engineering Cybersecurity Hacking Risk

TrickBot helps Emotet come back from the dead

Malwarebytes

NOVEMBER 16, 2021

Not only had the infrastructure been dismantled, but previously infected computers had received a special update that would effectively remove the malware at a specific date. Out of the woods again. On November 15, security researchers who’ve tracked Emotet announced that the threat was back. A return of malspam waves and ransomware?

InfoSec

InfoSec Ransomware Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day

Security Affairs

SEPTEMBER 14, 2021

Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively exploited in targeted attacks aimed at Microsoft Office and Office 365 on Windows 10 computers.

DNS

DNS Internet Internet Hacking

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

NOVEMBER 7, 2020

out of 10, it was addressed by Oracle in this month’s release of Critical Patch Update ( CPU ). The flaw was discovered by the security researcher Voidfyoo from Chaitin Security Research Lab, it was addressed in Oracle’s October 2020 Critical Patch Update. The vulnerability received a severity rating 9.8 and 14.1.1.0.

Ransomware

Ransomware Malware Internet Internet

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Government

Government Banking Advertising Malware

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. 21 out of 88 flaws are rated as Critical in severity, 66 as Important, and only one of them rated as Moderate in severity. None of these vulnerabilities was exploited in attacks in the wild.

Advertising

Advertising Authentication Encryption Internet

Abusing cloud services to fly under the radar

Fox IT

JANUARY 12, 2021

An example of the creation of such a scheduled task by the adversary: schtasks /create /ru "SYSTEM" /tn "update" /tr "cmd /c c:windowstempupdate.bat" /sc once /f /st 06:59:00. ps1 – Task automation Filename update.bat – Task automation Filename update*.bat 66 2019 Mount the file-share IPv4 address 172.111.210[.]53

VPN

VPN Accountability Passwords DNS

Actors of Badness Exploit NCAA March Madness

SecureWorld News

MARCH 13, 2023

What's more is that 66% of mobile phones used at work are employee-owned, creating a challenging environment for security teams to protect. Throughout the tournament, cybercriminals may send phishing emails or text messages with malicious links or attachments disguised as updates on games and brackets.

Phishing

Phishing Mobile Passwords Accountability

Ransomware reinfections on the rise from improper remediation

Malwarebytes

OCTOBER 1, 2023

Meanwhile, 66 percent of SMBs testified to one or more ransomware attacks on their business this year—an increase of 44 percent over just three years. Lack of planning: 44 percent of SMBs do not have a comprehensive, updated incident response plan. Turn on automatic updates, if possible.

Ransomware

Ransomware Small Business Passwords Malware

7 Trends I Spotted When Reviewing 2020 and the Cybersecurity Skills Gap

Jane Frankland

JANUARY 13, 2021

Supply chain attacks are up too and fresh in our minds is December’s SolarWinds breach where threat actors gained access to governments and numerous public and private organisations around the world via trojanized updates to its Orion IT monitoring and management software. Furthermore, decisions get better as diversity increases.

Cybersecurity

Cybersecurity Risk Government Technology

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

In total, we recovered two IP addresses and 66 distinct domains. We hope the Deutsche Telekom event acts as a wake-up call and push toward making IoT auto-update mandatory. IoT device auto-updates should be mandatory to curb bad actors’ ability to create massive IoT botnets on the back of unpatched IoT devices.

IoT

IoT DDOS Internet Internet

Cyber Security Informer

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog

Webinars

Trending Sources

TrickBot helps Emotet come back from the dead

Webinars

Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day

Ransomware operators target CVE-2020-14882 WebLogic flaw

CISA alert warns of Emotet attacks on US govt entities

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Abusing cloud services to fly under the radar

Actors of Badness Exploit NCAA March Madness

Ransomware reinfections on the rise from improper remediation

7 Trends I Spotted When Reviewing 2020 and the Cybersecurity Skills Gap

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Stay Connected