January 14, 2022

The recent disclosure and exploitation of vulnerabilities affecting the widely used Log4j logging utility have once again highlighted the importance of open source security and software supply chain security. The goal of the White House summit was to identify ways […]

January 14, 2022

Initially detailed in December 2020, GootLoader is a piece of initial access malware, allowing its operators to deploy various other malware families – including ransomware – on the compromised machines. Over the past few weeks, the GootLoader hacking group has […]

January 13, 2022

Also tracked as MERCURY, Seedworm, and Static Kitten, MuddyWater was initially detailed in 2017. The threat actor is known for conducting espionage campaigns focused on entities in the Middle East, but has targeted entities in Europe and North America as […]

January 13, 2022

Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity, the most severe one is a race condition issue tracked as CVE-2022-22746. […]

January 13, 2022

Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10. The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft […]

January 13, 2022

As banks start to increasingly embrace digital transformation, they become more susceptible to cyberattacks. What is making them so vulnerable? The banking and finance industry has traditionally been slow to adopt new technologies because of complex concerns with security, privacy, […]

January 12, 2022

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, […]

January 12, 2022

A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as […]

January 12, 2022

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which […]

January 12, 2022

Initially announced in early November 2021, the list includes more than 300 vulnerabilities that are a frequent attack vector in malicious attacks, and which represent a significant risk to federal organizations. The Known Exploited Vulnerabilities Catalog was published along with […]