Flash Notices (21)

Flash Notice: New Ransomware Family, HavanaCrypt, Disguises Itself as Fake Google Update

Researchers at Trend Micro discovered a new ransomware family that’s being delivered as a fake Google software update - HavanaCrypt.

Flash Notice: [CVE-2022-29499] Critical Zero-Day Vulnerability Found in Mitel VoIP Appliance

A ransomware attack was deployed against an unnamed mark using Mitel’s VoIP appliance as an entry point. CVE-2022-29499 is actively being used in the wild

Flash Notice: Critical Confluence Zero-Day Vulnerability Exploited by Attackers

A critical unpatched remote code execution vulnerability (CVE-2022-26134) was found in Atlassian’s Confluence Server and Data Center products.

Flash Notice: "Follina" a Microsoft Office Zero-Day RCE Vulnerability

Over the holiday weekend, a Windows/Office zero-day vulnerability, given the name Follina, was discovered and found to be exploited in the wild.

Flash Notice: VMWare Vulnerabilities Found in Multiple Products

5/19/22 - VMware issued patches for security flaws CVE-2022-22972 & CVE-2022-22973 found in Workspace ONE Access, Identity Manager, + vRealize Automation.

Flash Notice: [CVE-2022-1388] Critical Remote Code Execution Vulnerability Found in F5's BIG-IP Systems

A critical vulnerability (CVE-2022-1388) was found in F5’s BIG-IP systems last week and is now being exploited in the wild.

Flash Notice: Critical RCE Vulnerability Found in VMware Workspace ONE Access & Identity Manager

Threat actors are currently exploiting an RCE vulnerability due to a server-side template injection in VMware Workspace ONE Access and Identity Manager.

Flash Notice: [CVE-2022-1096] Zero-Day Google Chrome Type Confusion Vulnerability

3/23/22 - Google was alerted about a dangerous zero-day vulnerability found in all Chromium based browsers. It's being tracked as CVE-2022-1096.

Flash Notice: Authentication Company, Okta, Breached by Lapsus$

Okta Inc., an authentication company used globally, is at the center of a potential data breach caused by the data extortion group, Lapsus$.

Flash Notice: Russian State-Sponsored Threat Actors Bypass Two-Factor Authentication Implementation, Gain Access to Cloud Storage Services

The FBI & CISA issued a statement this week warning companies that Russian state-sponsored threat actors gained access to an unnamed organization’s network

Prev 19 20 21 22 23 Next