CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. […]
Category Added in a WPeMatico Campaign
New AMD SinkClose flaw helps install nearly undetectable malware
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. […]
Microsoft discloses Office zero-day, still working on a patch
Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. […]
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. […]
US dismantles laptop farm used by undercover North Korean IT workers
The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. […]
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. […]
Microsoft: Exchange 2016 reaches extended end of support in October
Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. […]
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. […]
Exploit released for Cisco SSM bug allowing admin password changes
Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. […]
CISA warns of hackers abusing Cisco Smart Install feature
CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. […]