OpenAI’s ChatGPT and GPT-4 Used as Lure in Phishing Email, Twitter Scams to Promote Fake OpenAI TokensMarch 17, 2023
Hoping to cash in on the massive interest around OpenAI’s GPT-4 – ChatGPT’s new multimodal model – scammers have launched phishing campaigns via email and Twitter designed to steal cryptocurrency. Check out how they’re carrying out the scams and how you can avoid becoming a victim.
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)March 14, 2023
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397) Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed. 9Critica...
FBI and CISA Release Cybersecurity Advisory on Royal Ransomware GroupMarch 3, 2023
The FBI and CISA have released a joint Cybersecurity Advisory discussing the Royal ransomware group.
South Korean and American Agencies Release Joint Advisory on North Korean RansomwareFebruary 16, 2023
Several South Korean and American agencies have released a joint cybersecurity advisory on North Korean state-sponsored ransomware operators.
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)February 14, 2023
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376) Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild. 9Critical 66Im...
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers NowJanuary 31, 2023
Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.
Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group PolicyJanuary 27, 2023
Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer.
Oracle January 2023 Critical Patch Update Addresses 183 CVEsJanuary 19, 2023
Oracle addresses 183 CVEs in its first quarterly update of quarterly with 327 patches, including 71 critical updates.
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)January 10, 2023
Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection VulnerabilityJanuary 5, 2023
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years.
CVE-2022-47939: Critical RCE Vulnerability in Linux KernelDecember 29, 2022
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 of 10.0. There are no reports of active exploitation.
CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX VulnerabilityDecember 21, 2022
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.