Cyberespionage APT GoldenJackal has been targeting air-gapped systems at government organizations and embassies.
The post Cyberspies Target Air-Gapped Systems at European Government Organization appeared first on SecurityWeek.
Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks
Ivanti says a few more CSA zero-day vulnerabilities have been found to be exploited in attacks where they are chained with CVE-2024-8963.
The post Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks appeared first on SecurityWeek.
ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Contact, CERT@VDE
ICS security advisories were published on Tuesday by Siemens, Schneider Electric, Phoenix Contact and CERT@VDE.
The post ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Contact, CERT@VDE appeared first on SecurityWeek.
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional flaws that the tech giant addressed in its Chromium-based
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional flaws that the tech giant addressed in its Chromium-based
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic.
The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result
The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. […]
Microsoft: Windows 11 22H2 Home and Pro reached end of servicing
Microsoft reminded customers today that multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing. […]
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. […]
Microsoft fixes Remote Desktop issues caused by Windows Server update
Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. […]
Patch Tuesday: Microsoft Confirms Exploited Zero-Day in Windows Management Console
Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.
The post Patch Tuesday: Microsoft Confirms Exploited Zero-Day in Windows Management Console appeared first on SecurityWeek.