CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
July 25, 2023Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
June 16, 2023Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
June 14, 2023VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
June 13, 2023Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
May 25, 2023Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.
Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
May 9, 2023Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability
April 21, 2023VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
April 11, 2023Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
February 14, 2023Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild.
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
January 31, 2023Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.
Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy
January 27, 2023Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer.
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
January 10, 2023Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.