April 2, 2022

Trend Micro Fixes Actively Exploited Remote Code Execution Bug Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. Apex Central is a web-based management console that helps system admins manage Trend Micro Read more…

Critical GitLab Vulnerability Lets Attackers Take Over Accounts GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw results from static Read more…

EU Draft Law Adds Security Checks to All Crypto Transactions The European Parliament has taken the first steps for new legislation against money-laundering that covers cryptocurrency transactions, which are an important part of illicit activities today. Members of the European Parliament from the Committee on Economic and Monetary Affairs (ECON) Read more…

Sitel on Okta breach: “spreadsheet” did not Contain Passwords Okta’s outsourced provider of support services, Sitel (Sykes) has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack. The documents, leaked by a researcher online, perpetuated the myth that Sitel Read more…

Phishing Uses Azure Static Web Pages to Impersonate Microsoft Phishing attacks are abusing Microsoft Azure’s Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps Read more…

CISA Orders Agencies to Patch Actively Exploited Sophos Firewall Bug The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks. As Sophos revealed almost one week ago, Read more…

New BlackGuard Password-stealing Malware Sold on Hacker Forums A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month. The stealer can snatch sensitive information from Read more…

Zyxel Patches Critical Bug Affecting Firewall and VPN Devices Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. Zyxel’s security advisory refers to products from the USG/ZyWALL, USG Read more…

Apple Emergency Update Fixes Zero-days Used to Hack iPhones, Macs Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs. Zero-day security bugs are flaws the software vendor is unaware of and hasn’t patched. In some cases, they also have publicly available Read more…