CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also […]

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793 Read More »

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear,

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally Read More »

New cybercrime market ‘OLVX’ gains popularity among hackers

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to

New cybercrime market ‘OLVX’ gains popularity among hackers Read More »

Windows 11 KB5033375 update released with upgraded Copilot AI-assistant

Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 (KB5033375) to fix security vulnerabilities and improve Copilot. Windows 11’s December 2023 Update advances to Build 22631.2861 and adds new features like Copilot for multiple displays and Alt-Tab. You can grab the Patch by going to Start > Settings > Windows Update and clicking on ‘Check for Updates.’  What’s new in

Windows 11 KB5033375 update released with upgraded Copilot AI-assistant Read More »

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

Today is Microsoft’s December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution (RCE) bugs were fixed, Microsoft only rated three as critical. In total, there were four critical vulnerabilities, with one in Power Platform (Spoofing), two in

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day Read More »

Avira antivirus causes Windows computers to freeze after boot

Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira’s security software. A considerable number of Windows 11 and Windows 10 customers have experienced these system freezes, with most linking the issues to Avira. According to many of these reports on Reddit and Avira’s own customer

Avira antivirus causes Windows computers to freeze after boot Read More »

Ukrainian military says it hacked Russia’s federal tax agency

​The Ukrainian government’s military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency’s database and backup copies. Following this operation, carried out by cyber units within Ukraine’s Defense Intelligence, military intelligence officers breached Russia’s federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories. The

Ukrainian military says it hacked Russia’s federal tax agency Read More »

OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open Authorization) is an open standard for granting apps secure delegated access to server resources based on user-defined permissions via token-based authentication and authorization without providing credentials. Recent incidents

OAuth apps used to automate BEC and cryptomining attacks Read More »

The Apache Software Foundation Updates Struts 2

The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater. This content is being syndicated

The Apache Software Foundation Updates Struts 2 Read More »

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Adobe Prelude Adobe Illustrator Adobe InDesign Adobe Dimension Adobe

Adobe Releases Security Updates for Multiple Products Read More »

Scroll to Top