January 2023 – Page 8 – Learn and Explore

January 13, 2023
Uncategorized

Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!

As the new year begins, it’s more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to....

January 12, 2023
Uncategorized

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6),...

January 12, 2023
Uncategorized

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. “Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt...

January 12, 2023
Uncategorized

Patch where it Hurts: Effective Vulnerability Management in 2023

A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It’s about focusing on...

January 12, 2023
Uncategorized

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. “The issue arose from the way the browser interacted with symlinks when processing files and directories,” Imperva researcher Ron Masas said. “Specifically, the browser...

January 12, 2023
Uncategorized

Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System

Twitter on Wednesday said that its investigation found “no evidence” that users’ data sold online was obtained by exploiting any security vulnerabilities in its systems. “Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting...

January 12, 2023
Uncategorized

Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on...

January 11, 2023
Uncategorized

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin’s attack infrastructure has revealed that it’s possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the...

January 11, 2023
Uncategorized

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites...

January 11, 2023
Uncategorized

Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99

Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just...