Security

LATEST

Security

Newly Discovered Emotet Campaign Spreads Malware Through PowerShell Commands

Cybersecurity researchers have discovered that threat actors are testing new attack techniques to distribute malware. Indeed, the latest version of the highly sophisticated Emotet botnet uses PowerShell commands attached to XLL files to target Windows PCs. Emotet is an advanced Trojan that is primarily used to spread malware via phishing emails on compromised…

Network Security

Microsoft Partners With Red Button to Enhance Azure DDoS Protection

Microsoft has announced a new partnership with Red Button, an Israel-based Distributed Denial-of-Service (DDoS) attack simulation testing solutions provider. The Redmond giant believes that this collaboration will enable organizations to identify gaps and develop effective strategies to mitigate DDoS attacks. “With Red Button’s DDoS Testing service suite, you will be able to work with a…

Security

Atlassian Releases Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian has released new security patches for its Jira and Jira Service Management solutions. The latest set of updates aims to address a critical vulnerability that could let attackers bypass authentication controls. According to Atlassian’s security advisory, the bug was first discovered by Khoadha of Viettel Cyber Security. Tracked as CVE-2022-0540 and issued a…

AWS (Amazon Web Services)

AWS Confirms Log4j Hotpatch Fix Leads to Privilege Escalation

Back in December, Amazon released emergency fixes to address the Log4j vulnerability in JVMs across multiple environments, but it looks like these updates still left some security loopholes. Since Amazon published the fixes, security researchers have discovered that the original hot patch left AWS customers vulnerable to container escape and privilege escalation bugs (via The…


What Exactly Is Microsoft Endpoint Manager?

Last Update: Apr 14, 2022

A look at a recently announced product called “Microsoft Endpoint Manager”. While the product name and management interface may be shiny and new, you’ll probably recognize the underlying products as some of the same familiar products that device administrators have known for years. We’ll break down what’s included and some changes that may benefit and impact current and future deployments.

Security

New Report Says Hackers Exploiting Spring4Shell Flaw to Spread Mirai Malware

A team of security researchers has discovered that attackers are now exploiting the critical Spring4Shell vulnerability to spread Mirai malware on target systems. The Mirai botnet malware attacks were first detected earlier this month, and the threat actors are currently targeting vulnerable web servers in the Singapore region. According to Trend Micro’s researchers, the threat…

Network Security

VMware Releases Patches to Fix Critical Remote Code Execution Exploit in Workspace ONE Access

VMware has released patches to address several “critical” security vulnerabilities impacting its products. The company published a security advisory that encourages customers to apply all security patches and mitigations as soon as possible. VMware says that the security flaws in its enterprise software were privately reported by a security researcher at the Qihoo 360 Vulnerability…


Guide: How to Plan for Microsoft Defender Endpoint Deployments and Migrations

Last Update: Apr 07, 2022

When approaching a rollout of Microsoft Defender for Endpoint (MDE) for your organization, it can be difficult to know where to start.  In my last article, MDE was explained at a high level: what it is and why you should care.  This time, we will get into the weeds of how to actually plan for…

Security

Microsoft Publishes Advisory About New Spring4Shell Cyberattacks

Microsoft has published details about a critical security vulnerability dubbed “Spring4Shell” in the Spring Framework for Java. The Redmond giant recommends that its Azure cloud service customers patch the critical remote code execution (RCE) exploit immediately. Disclosed by the VMware-owned Spring on March 31, the company has already deployed a hotfix to address the…


QNAP to Fix Critical OpenSSL Bug Impacting NAS Devices

Taiwan-based QNAP Systems has confirmed a new OpenSSL bug that impacts most of its network-attached storage (NAS) devices. According to the company’s advisory, the security flaw leads to an infinite loop that would result in a denial-of-service (DoS) state. The security vulnerability, tracked as CVE-2022-0778 and issued a CVSS “high” severity score of 7.5, has…
