CISA Adds Apple iOS and iPadOS Memory Corruption Bugs to its Known Exploited Vulnerabilities Catalog

These memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities.

CISA Adds Android Pixel and Sunhillo SureLine Bugs to its Known Exploited Vulnerabilities Catalog

The CISA added Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog, with the potential for local information disclosure and OS command injection.

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2023-29360 Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog, which allows attackers to gain SYSTEM privileges.

Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat

Organizations are urged to perform a hardware factory reset, upgrade firmware, change default credentials, and implement firewall rules to protect against the MooBot attacks.

US Agencies Warn of ALPHV/Blackcat Ransomware Threat to Healthcare Providers

ALPHV/Blackcat ransomware affiliates use advanced social engineering techniques and open-source research to gain initial access to victim networks, posing as IT or helpdesk staff to obtain credentials.

Russian SVR-Linked APT29 Threat Actors Adapt Their Tactics for Initial Cloud Access

The Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT29 or Cozy Bear, have shifted their tactics to target cloud environments as organizations increasingly move to cloud-based infrastructure.

NIST Releases Version 2.0 of Landmark Cybersecurity Framework

NIST has updated the Cybersecurity Framework (CSF) to include quick-start guides, success stories, and a searchable catalog of references, making it more accessible and actionable for a wider range of organizations and sectors.

NCSC-UK Sounds Alarm Over Private Branch Exchange Attacks

The UK's National Cyber Security Centre (NCSC) has warned smaller organizations about the potential vulnerability of their private branch exchange (PBX) phone systems to cyberattacks.

CISA Warns of Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The information disclosure vulnerability, known as CVE-2020-3259, is being exploited by the Akira ransomware group to compromise susceptible Cisco Anyconnect SSL VPN appliances.

CISA Adds Microsoft Windows Bugs to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft Windows vulnerabilities to its list of Known Exploited Vulnerabilities. These flaws, CVE-2024-21412 and CVE-2024-21351, are actively being exploited in the wild.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags