Diavol Ransomware has Connections with TrickBot

The FBI first learned of Diavol ransomware in October 2021. The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.

McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

Nasty Linux kernel bug found and fixed

Under the Common Vulnerability Scoring System (CVSS) v3.1, the new Linux kernel vulnerability scored 7.7, which is rated as high severity.

New STRRAT RAT Phishing Campaign

Security researchers at FortiGuard Labs recently came across a phishing email that was subsequently found to carry a variant of the STRRAT malware as an attachment.

Resurrected jQuery UI Library Haunts Websites, Enterprise Products

The flaws, classified as medium severity, are tracked as CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184, and they have been patched with the release of jQuery UI 1.13.

WordPress plugin flaw puts users of 20,000 sites at phishing risk

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

New Emotet spam campaigns were found using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines try to trick users into enabling macros.

New Log4j attacks target SolarWinds, ZyXEL devices

Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software.

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.

New MoonBounce UEFI Malware Used by APT41 in Targeted Attacks

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti).
