Search results for: vulnerability

vmware

Attackers use novel technique, malware to compromise hypervisors and virtual machines

Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered. They named the malware VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), and shared detection and hardening advice. The malware and techniques used by the attackers VirtualPITA and VirtualPIE are backdoors, which the attackers deliver by using malicious vSphere Installation Bundles (VIBs). VirtualGATE is a utility program that incorporates … More

Microsoft Exchange

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About the vulnerabilities (CVE-2022-41040, CVE-2022-41082) CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 allows remote code execution when PowerShell … More

Handshake

Cybeats partners with Veracode to help customers manage SBOM and software vulnerabilities

Cybeats Technologies and Veracode partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats’ software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an … More

fire

Office exploits continue to spread more than any other category of malware

The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence. Office exploits on the rise “While overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing … More

security platform

Aunalytics Security Patching Platform protects users against system compromise

Aunalytics initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against cyberattacks and the new offering ensures active remediation. According to a 2022 Data Breach Investigations Report by Verizon, around 70 percent of successful cyberattacks exploited known vulnerabilities with available patches, making it important to update operating systems and applications regularly … More

security platform

Malwarebytes enhances OneView platform to improve protection for SMB customers

Malwarebytes has expanded its OneView platform capabilities as well as grow the company’s Managed Service Provider (MSP) program. In addition to endpoint security, MSPs can now access vulnerability assessment, patch management and Domain Name System (DNS) filtering from Malwarebytes OneView. “At Malwarebytes, we aim to serve the underserved, which is what our MSP partners are doing every day for SMBs,” said Brian Thomas, Vice President of Worldwide MSP & Channel Programs at Malwarebytes. “I joined … More

Wolfi Linux

Wolfi Linux provides the control needed to fix modern supply chain threats

There’s been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left organizations struggling to secure their pipelines and manage vulnerabilities, especially when running in the cloud. Existing tooling doesn’t support supply chain security natively and requires users to bolt on critical features like signatures, provenance, and software bills of material (SBOM). In this Help Net Security video, Dan Lorenc, CEO at Chainguard, … More

security platform

CertifID launches PayoffProtect to authenticate loan payoff wiring

CertifID has launched PayoffProtect, which gives title, escrow and settlement companies peace of mind by preventing property loan payoffs from being sent to fraudsters. This launch comes on the heels of its recent $12.5 million Series A funding by Arthur Ventures, known for leading investments in business-to-business software companies. The new PayoffProtect solution combines CertifID’s expert knowledge and suite of intellectual property. The latter includes machine learning capabilities that are now being leveraged to automate … More

Handshake

Fortress Information Security collaborates with ONG-ISAC to improve supply chain cybersecurity

Fortress Information Security and the Oil and Natural Gas Information Sharing Analysis Center (ONG-ISAC) announced an industry-wide initiative focused on securing hardware and software components and supply chains. The software and hardware used by oil and natural gas systems are critical to the industry’s reliable and safe operation. In addition, the supply chains for these products are at increased risk of compromise. Fortress will enable ONG-ISAC members to manage these risks securely and cost-effectively. For … More

MS SQL

MS SQL servers are getting hacked to deliver ransomware to orgs

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts. “And there may be vulnerability attacks on systems that do not have a vulnerability patch … More

Sophos

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a good reason: earlier this year, another zero-day (CVE-2022-1040) in the same component was leveraged by attackers against “a small set of specific organizations, primarily in the South Asia region” – and this time around is … More

week in review

Week in review: Revolut data breach, ManageEngine RCE flaw, free Linux security training courses

GTA 6 in-development footage leaked American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game. Uber says Lapsus$ gang is behind the recent breach Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor. Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559) Trellix Advanced … More