Citrix Discloses Actively-Exploited Critical Vulnerability
Citrix has disclosed critical vulnerabilities affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Read on to learn more about the vulnerabilities and what you can do to ensure your Citrix technologies are protected. Tell me more about the Citrix NetScaler vulnerabilities The Citrix NetScaler ADC and ... Read More
Microsoft’s July 2023 Patch Tuesday: 132 Vulnerabilities, 6 Zero-Days
Microsoft has released its July 2023 Patch Tuesday security updates, fixing 132 vulnerabilities. Read on to get the details. What vulnerabilities did Microsoft patch? The 132 vulnerabilities Microsoft patched include including 37 remote code execution vulnerabilities fixed, with nine of them rated as “Critical.” The most pressing patches addressed six ... Read More
CISA Releases Joint Advisory on Truebot Malware
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have issued a joint advisory in response to a surge in cyber threats from Truebot malware variants. These threats are particularly ... Read More
Akira Ransomware Targets VMware ESXi Servers
Akira ransomware has expanded its attack capabilities and is leveraging a Linux encryptor to target VMware ESXi virtual machines. This adaptation allows Akira to execute double-extortion attacks on companies globally. Read on to learn more about this critical vulnerability. What is Akira ransomware? Initially discovered in March 2023, Akira is ... Read More
VMware Discloses Active Exploitation of Critical Vulnerability in Aria Operations Networks
Threat actors are at it again. VMware has updated a previously issued security advisory to alert customers about the active exploitation of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20887. This vulnerability is located within VMware Aria Operations for Networks (formerly known as vRealize Network Insight). Read on ... Read More
Critical Vulnerability Discovered in Patched Zyxel Storage Devices
On June 20, 2023, Zyxel, a well-known network-attached storage (NAS) device manufacturer, disclosed a critical security flaw known as CVE-2023-27992. This pre-authentication command injection vulnerability has been assigned a high CVSS score of 9.8, indicating its severe impact and ease of exploitation. Read on to learn more about this vulnerability ... Read More
Advanced Phishing Attacks: How to Stem the Tide
The problem with phishing is not just its relentless onslaught—it’s that threat actors continue to evolve toward more advanced phishing attacks. The ability to psychologically manipulate and dupe people into taking certain actions helps adversaries bypass many types of security controls and solutions. Awareness about phishing must extend beyond the ... Read More
Emerging Trend: Malicious Use of New Google Domains .zip and .mov
Google recently introduced eight new top-level domains (TLDs) that can be purchased for hosting websites or email addresses. Popular TLDs include .com, .io, .net, .gov, etc. Among the new TLDs are .zip and .mov, which are raising cybersecurity concerns because they’re also a common way to denote file extensions. Here’s ... Read More
Malicious Online Bots: More Than Just a Nuisance
Among the many cybersecurity concerns and threats that companies deal with daily, bots perhaps don’t really rank as high-priority risks. Perceptions about bots often see them regarded as nuisances that skew web analytics results rather than causing security risks. But there are both harmless and harmful bots, and the malicious ... Read More
Cybersecurity in Manufacturing: Key Threats and Risks
Whether it’s production lines halted by a malware attack causing millions of lost revenue, or a cyber-espionage attempt that stealthily infiltrates your network and steals your trade secrets, countless plausible scenarios threaten cybersecurity in manufacturing in the modern hyperconnected, digital age. Arguably, security defenses and awareness still lag behind the ... Read More