Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code. While people were celebrating the Fourth of July holiday in the United States,…

Vulnerability Spotlight: Command injection vulnerabilities in Robustel cellular router

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the Robustel R1510 industrial cellular router. The R1510 is a portable…

ZuoRAT Can Take Over Widely Used SOHO Routers

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. A novel…

Security Innovation: Secure Systems Start with Foundational Hardware

LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of…

Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against U.S. companies spiked in Q1 2022, with patchable and preventable external vulnerabilities responsible for the bulk of attacks. Eighty-two percent of attacks on organizations in Q1 2022 were caused…

Mitel VoIP Bug Exploited in Ransomware Attacks

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victims’ environments. Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP…

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

CISA warns that threat actors are ramping up attacks against the unpatched Log4Shell vulnerability in VMware servers. The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) released…

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers. Advanced persistent threat group Fancy Bear…

Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices. Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed…

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and…