19 Nov 2021

FatPipe VPN Zero-Day Exploited by APT for 6 Months

The FBI released an alert stating that the advanced persistent threat groups (APTs) have been exploiting a zero-day flaw in FatPipe’s virtual private network as a way to breach companies and gain access to internal networks. The FBI stated that the threat groups have been exploiting the zero-day vulnerability since

Read More
06 Oct 2021

Apache HTTP Server Project patches exploited zero-day vulnerability

Apache HTTP Server Project developers are urging users to immediately implement a patch that resolves a zero-day vulnerability. According to a security advisory that was published yesterday, the bug is known to be actively exploited in the wild. Apache HTTP Server is an open-source project that focuses on the development

Read More
19 Jul 2021

UK blames China for Microsoft Exchange Server hack

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Read More
16 Jul 2021

Safari Zero-Day Used in Malicious LinkedIn Campaign

According to researchers from Google’s Threat Analysis Group and Project Zero, attackers exploited a Safari vulnerability to target government officials in Western Europe. The vulnerability was leveraged to send malicious links to government officials via LinkedIn. Google’s research team detected and reported the vulnerability, publishing a blog post on Wednesday

Read More
13 Jul 2021

SolarWinds Discloses Zero-Day Under Active Attack

SolarWinds has issued an advisory over a new vulnerability being actively attacked that is not related to the major supply chain attack discovered in December 2020. The company has since developed a hotfix that addresses the flaw and urges its customers to implement the patch immediately. The vulnerability lies in

Read More
18 Jun 2021

Kim Zetter on Understanding the Realities of Cyberthreats and How Code Has a Story to Tell

This week’s OODAcast is with Kim Zetter, an incredibly well respected journalist who has been covering cybersecurity related issues for two decades.  Matt Devost talks with Kim about a wide variety of cyber-related issues including a deep dive into Stuxnet and the implications for today’s security environment. Kim also shares details as to how she got into the field and how she developed relationships with the hacker community via her longstanding attendance at Def Con.

Read More
12 May 2021

Adobe Issues Patch for Acrobat Zero-Day

Adobe released several patches, including one for Acrobat. The vulnerability with Acrobat is being exploited in limited attacks on Adobe Readers users with Windows. The CVE-2021-28550 zero-day vulnerability affects Windows and macOS systems. The exploitation of the flaw could allow arbitrary code execution.  43 patches for 12 of its products were

Read More
28 Apr 2021

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses

Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place. According to Apple, the notorious Mac threat Shlayer adware dropper has already been exploiting the vulnerability for several months. Therefore, Apple urges its customers to implement

Read More
14 Apr 2021

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

Cybercriminals are leveraging zero-day vulnerabilities in Microsoft Exchange servers, dropping cryptocurrency mining malware as part of a campaign that seeks to secretly steal the processing power of compromised systems. The campaign is targeted towards financial gain and is currently ongoing, according to advisories published by several US agencies, including warnings

Read More
08 Feb 2021

Google Chrome Zero-Day Afflicts Windows, Mac Users

Google has released a warning to its customers stating that a zero-day vulnerability is being actively exploited by attackers and encouraging Google Chrome browser users to maintain aware of the issue and implement a patch as soon as it is available. The flaw lies in the V8 open-source web engine

Read More