Palo Alto Networks warned customers yesterday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago.Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.Even though the OpenSSL […]
Apple has not yet fixed zero-day exploits on macOS, leaving many Mac computers especially macOS Big Sur and macOS Catalina vulnerable, according to a new report. Two of the active zero-days Apple tackled include CVE-2022-22674 and CVE-2022-22675. The first exploit (CVE-2022-22674) is a ‘write bug’ that can allow malicious apps to execute arbitrary code. While […]
Network manufacturer Zyxel warns of a critical vulnerability that could allow an attacker to become administrator of Zyxel firewalls. The devices contain a vulnerability that could allow an attacker to bypass authentication and gain administrative access to the device. The impact of the leak, designated CVE-2022-0342, has been rated 9.8 on a scale of 1 […]
Operators of the malware will most probably try and infect as many systems as possible with it — both inside and outside Ukraine — to make their DDoS attacks more powerful. Another indication is a sharp increase in phishing attacks out of Russia over the past 24 hours that already have affected some organizations in […]
Critical medical device risks:– IV pumps are the most common healthcare IoT device and possess a lion’s share of risk– Healthcare IoT running outdated Windows versions dominate devices in critical care sectors– Default passwords remain a common risk– Network segmentation can reduce critical IoMT and IoT risk
Several Ukrainian government websites down due to a major a cyberattack. Below is the websites reads in part: “Ukrainians!…All information about you has become public, be afraid and expect worse.” According to the New York Times, the attack also crippled the sites of the cabinet of ministers, along with the ministries of energy, sports, agriculture, […]
1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes.
20% of America’s largest 100 defense contractors are highly susceptible to a ransomware attack, according to a research from Black Kite. Several critical vulnerabilities were detected that contractors should address immediately. Nearly 43% of federal defense contractors have out-of-date systems. 42% of contractors have had at least one compromised credential within the past 90 days.
Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability, a DNS rebinding flaw, that took over 17 months to roll out a fix to customers. The disclosed vulnerability could easily be exploit if the user had not changed the default admin password, or a threat actor could brute-force the […]
Do you want to understand the modern cyber threats and the most commonly used attack surfaces behind any malware/cyber-attack?Don’ts:1.) Don’t give everything easily to the attacker, make it harder for him to get. (Control Measures in the network)2.) Don’t enable legitimate vulnerable application if not in use, attackers always use legit applications in the network. (Abuse […]