Cybersecurity, security vulnerability for Adobe ColdFusion
The US CISA: It contains an improper access control flaw that allows for remote code execution. Adobe: It has been exploited in the wild in very limited attacks.
Cybersecurity, CISA releases 3 new ICS advisories on vulnerabilities
They are linked to Advantech iView, AVEVA InTouch Access Anywhere, and Rockwell Automation Logix controllers.
Cyber Espionage, Iran’s hackers targeted the US FCEB
The APT exploited the Log4Shell vulnerability, installed XMRig, moved laterally to the domain controller (DC), compromised credentials, and implanted Ngrok reverse proxies.
Cybercrime, Maui used by North Korean hackers to target Healthcare and Public Health
CISA, FBI and Treasury cybersecurity experts: The ransomware appears to be designed for manual execution by remote actors.
Cybersecurity, CISA adds CVE-2022-26134 to its Known Exploited Vulnerabilities Catalog
It’s a critical zero-day flaw in Atlassian’s Confluence Server and Data Center. The company patched it, but It’s actively exploited.
Cybersecurity, CISA adds 7 new vulnerabilities in the exploited list
They are: CVE-2022-29464, CVE-2022-26904, CVE-2022-21919, CVE-2022-0847, CVE-2021-41357, CVE-2021-40450 and CVE-2019-1003029. Patch the flaws ASAP!
Cybercrime, Lazarus targets blockchain companies with TraderTraitor
The North Korea’s APT uses spear phishing emails to cryptocurrency firm employees that mimic recruitments for high-paying jobs: Goal: to download the malware.
Cybercrime, some APTs can fully access ICS / SCADA devices
DoE, CISA, NSA and FBI cybersecurity experts from: They have developed custom tools that attack Schneider Electric and OMRON Sysmac NEX PLCs, and OPC-UA.
Cybersecurity, CISA adds 3 new vulnerabilities to the Known Exploited Catalog
They are the CVE-2021-3156, CVE-2021-31166 and CVE-2017-0148. One is linked to Sudo and the other two to Microsoft.
Cyber Espionage, Russian hackers exploit MFA protocols and “PrintNightmare” flaw
FBI-CISA cybersecurity experts: The threat actors used a misconfigured account set to default MFA protocols and the (CVE-2021-34527).