Emerging Threats Vulnerabilities

Researchers Report Attacks Targeting Max Severity Bug in Progress Software’s WS_FTP

Image source: Shutterstock The in-the-wild exploit activity could be a harbinger of things to come. As happened with a zero-day bug in Progress Software’s MOVEit file transfer software earlier this year, attackers have already started targeting a maximum severity vulnerability and other flaws the company disclosed last week in its WS_FTP Server file transfer technology. […]

Read More
Enterprise Malware

Chinese APT actor targeting unpatched SonicWall devices in credential stealing campaign

New attacks are similar to those that other China-backed actors have carried out in recent years as part of cyber espionage and data theft campaigns against US companies. A likely China-based threat actor is targeting unpatched SonicWall Secure Mobile Access 100 Series (SMA100) devices with highly persistent malware for stealing user credentials and providing the […]

Read More
Breaches Supply Chain Vulnerabilities

Magecart actors ramp up exploit attempts against Magento/Adobe Commerce vulnerability

Sansec says it has observed more probes in November against the now-patched zero-day flaw (CVE-2022-24086) than the rest of the year combined. Seven threat groups affiliated with the Magecart cybercrime syndicate have begun heavily targeting a critical, arbitrary code execution vulnerability in the Magento 2 and Adobe Commerce platform that powers tens of thousands of […]

Read More

Pro-Russian group urges supporters to launch DDoS attacks against US civilian infrastructure

Key takeaway: Killnet briefly disrupted several US airport websites in DDoS attacks that could well be a precursor of more to come in the next few days. Airport websites in two-dozen states, marine terminals and logistics facilities, weather monitoring centers, healthcare systems and more are potential next targets [222 words] What: Pro-Russian cyber threat actor […]

Read More