Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software’s MOVEit Transfer application to drop ransomware. “The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection

Using social media as a tool to share knowledge on day-to-day Cybersecurity risks

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking […]

Experts Unveil PoC Exploit for Recent Windows Vulnerability Under Active Exploitation

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. “An attacker who successfully exploited this vulnerability […]

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. “Further, Kimsuky’s objective extends to the theft of subscription credentials from NK News,” cybersecurity firm SentinelOne said in a report shared with The

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also […]

Barracuda Urges Immediate Replacement of Hacked ESG Appliances

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. “Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company said in an update, adding its “remediation recommendation at this time is full replacement of […]

How Coffee County Schools safeguards 7500 students and 1200 staff

We’re excited to announce that our much-anticipated 4th edition of the Byte Into Security webinar series is now available on-demand. Originally aired on May 31st, this session is a goldmine for those facing the unique challenges of K-12 cybersecurity. The webinar is free, and you can watch it right now! We brought Logan Evans, Director of Information Systems at […]

Facebook clickbait leads to money scam for users

Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fake browser alerts. What is unique with this campaign is the abuse of Google […]

How to Create an Accessible Website and Why It Matters

By Owais Sultan Have you ever tried to access a website only to find that it’s difficult or impossible to navigate?… This is a post from HackRead.com Read the original post: How to Create an Accessible Website and Why It Matters