Czechia and Germany have disclosed that they fell victim to an extensive cyber espionage campaign orchestrated by the Russian-affiliated state-sponsored group known as APT28, which has drawn sharp rebukes from several Western entities, including the European Union (E.U.), NATO, the United Kingdom, and the United States. According to a statement…
A recently identified vulnerability in VMware ESXi hypervisors has been under active exploitation by several ransomware groups, raising significant concerns among cybersecurity experts. The flaw, detailed under CVE-2024-37085 and assigned a CVSS score of 6.8, enables attackers to bypass Active Directory integration authentication, thus granting them illicit administrative access to…
In this week’s cybersecurity newsletter, we bring you a comprehensive overview of the current threats facing organizations globally, focusing on the latest cybersecurity incidents and the mitigation strategies that business owners should be aware of. The digital landscape is continually evolving, and understanding these threats is crucial to safeguarding sensitive…
Microsoft’s Smart App Control and SmartScreen Found Vulnerable to Exploitation Recently, cybersecurity researchers have identified critical vulnerabilities within Microsoft’s Windows Smart App Control (SAC) and SmartScreen features, which may grant threat actors an opportunity for initial access to targeted systems without triggering security alerts. This discovery raises concerns about the…
Microsoft Addresses 61 Security Vulnerabilities in May Patch Update In its latest Patch Tuesday update for May 2024, Microsoft has resolved 61 newly identified security vulnerabilities across its software products, amongst them two zero-day flaws that have been actively exploited in the wild. These updates follow a proactive security strategy…
Microsoft has announced that it is actively working on security updates to rectify two significant vulnerabilities that could potentially be exploited to conduct downgrade attacks against its Windows update system. These vulnerabilities may allow malicious actors to replace the current versions of operating system files with outdated ones, undermining the…
OpenVPN Vulnerabilities Disclosed by Microsoft: A Potential Attack Vector Microsoft recently announced the discovery of four medium-severity security vulnerabilities within the open-source OpenVPN software, which could be exploited in conjunction to enable remote code execution (RCE) and local privilege escalation (LPE). The implications of these flaws are significant, as they…
Microsoft Reports Unpatched Zero-Day Vulnerability in Office Suite Microsoft has recently revealed a serious unpatched vulnerability in its Office suite, identified as CVE-2024-38200. This zero-day flaw presents the risk of unauthorized exposure of sensitive information to malicious entities if successfully exploited. The vulnerability, which has a CVSS score of 7.5,…
Cybersecurity researchers have identified significant vulnerabilities within Microsoft’s Azure Health Bot Service that could allow malicious actors to traverse customer environments, potentially accessing sensitive patient data. These vulnerabilities were recently reported by Tenable, emphasizing the critical nature of the flaws now patched by Microsoft. Tenable’s investigation highlights that the vulnerabilities…
