CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands
Taiwanese PC Company MSI Falls Victim to Ransomware Attack
Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it « promptly » initiated incident response and recovery measures after detecting « network anomalies. » It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics […]
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed
Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows – CVE-2023-28205 – A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content. CVE-2023-28206 – An out-of-bounds write issue in
Expert-Led Webinar: Learn Proven Strategies to Secure Your Identity Perimeter
The stakes are high when it comes to cybersecurity. No longer are we dealing with unskilled hackers trying to break into corporate systems with brute force. Today, cybercriminals are using highly sophisticated methods like social engineering, spear phishing, and BEC to target users directly and log in with valid credentials. This is why the identity […]