Black Basta Ransomware Exploits Windows Vulnerability Recent investigations by Symantec have revealed that threat actors associated with the Black Basta ransomware may have leveraged a newly uncovered zero-day vulnerability in the Microsoft Windows Error Reporting Service. This security flaw, identified as CVE-2024-26169, is classified as an elevation of privilege vulnerability…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a deadline of November 17, 2023, for federal agencies and organizations to implement security mitigations against several vulnerabilities identified in the Juniper Junos OS, which were disclosed earlier in August. This move comes in light of growing concerns surrounding the…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a strong recommendation urging manufacturers to eliminate default passwords on systems exposed to the internet. The agency emphasizes that these types of passwords present significant risks, allowing malicious actors to gain unauthorized access and traverse networks within organizations. In a…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent directive on Friday, advising Federal Civilian Executive Branch (FCEB) agencies to take immediate action against two zero-day vulnerabilities found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). These threats have already been actively exploited by various malicious…
The U.S. government announced on Wednesday that it has taken significant action to disrupt a botnet composed of hundreds of small office and home office (SOHO) routers based in the United States. This botnet, referred to as the KV-botnet, is linked to Volt Typhoon, a state-sponsored threat actor associated with…
Election Security, Fraud Management & Cybercrime, Government CISA Affirms Election Security Amid Heightening Threat Landscape Chris Riotta (@chrisriotta) • October 21, 2024 CISA has provided ongoing election-related guidance as the November vote approaches. (Image: Shutterstock) As early voting commences across 28 states, the Cybersecurity and Infrastructure Security Agency (CISA) is…
Iranian Hackers Target Critical Infrastructure with Advanced Techniques Recent intelligence from a collaborative cybersecurity advisory issued by CISA, FBI, and NSA has raised alarms about Iranian hackers aggressively targeting critical infrastructure across sectors such as healthcare, government, IT, engineering, and energy. These threat actors utilize a combination of brute force…
A significant cyber threat has emerged, characterized by the exploitation of a recently uncovered zero-day vulnerability in Palo Alto Networks PAN-OS software. This flaw has been active since March 26, 2024, well before its public disclosure, which occurred yesterday. Unit 42, a division of Palo Alto Networks, has initiated a…
Critical Vulnerability Exposes Adobe Commerce and Magento Stores to Exploits Recent cybersecurity research indicates that a significant 5% of all Adobe Commerce and Magento stores have been compromised due to a serious security vulnerability named CosmicSting. This development underscores the escalating risk that online retailers are facing in the digital…
