Cybersecurity Threats Articles

Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More

September 18, 2023

It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities. Read more
Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

September 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with… Read more
Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

September 11, 2023

Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack. Read more
Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

September 5, 2023

Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week. Read more
Weekly Vulnerability Recap – August 21, 2023 – When ACE Equals Bad

August 21, 2023

Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and… Read more
Weekly Vulnerability Recap – August 14, 2023 – Old or New, Vulnerabilities Need Management

August 14, 2023

No one likes the hassle of dealing with patch management or vulnerability management, but it is universally agreed that security breaches are far worse. Many organizations try to proactively patch and manage vulnerabilities to prevent attackers from gaining any foothold. Google announced this week that it will now push out weekly security updates to Chrome… Read more
Power Management Vulnerabilities Could Shut Down Data Centers: Researchers

August 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,”… Read more
Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

August 9, 2023

Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’ Read more
New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

August 3, 2023

New AI-powered cybercrime tools suggest that the capability of AI hacking tools may be evolving rapidly. The creator of FraudGPT, and potentially also WormGPT, is actively developing the next generation of cybercrime chatbots with much more advanced capabilities. Daniel Kelley, a reformed black hat hacker and researcher at cybersecurity firm SlashNext, posed as a potential… Read more
Microsoft Unsure How Chinese Hackers Stole MSA Key to Breach U.S. Agencies

July 18, 2023

Microsoft has hardened security following a Chinese hack of U.S. government agency email accounts, but some details remain a mystery. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker… Read more