Researchers Warn of NTLMv1 Bypass in Active Directory Policy
Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing…
Scammers Exploit California Wildfires, Posing as Fire Relief Services
Cybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats.
Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes
A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients.…
Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP
CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection…
Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers
A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…
Malicious Kong Ingress Controller Image Found on DockerHub
A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…
Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails
SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a…
Fake PoC Exploit Targets Cybersecurity Researchers with Malware
A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can cause denial-of-service attacks.
Muddling Meerkat Linked to Domain Spoofing in Global Spam Scams
Infoblox cybersecurity researchers investigating the mysterious activities of 'Muddling Meerkat' unexpectedly uncovered widespread use of domain spoofing in malicious spam campaigns.
Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways
Ivanti has issued a critical security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products.