Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Apache fixes RCE flaw in Tomcat application server
What is the threat? A remote code execution vulnerability was discovered in the Apache Tomcat application server software – CVE-2019-0232. The Common Gateway Interface (CGI) servlet that this vulnerability affects is disabled by default, which is why the severity of...
Cybersecurity Threat Advisory: HOPLIGHT Malware
What is the threat? The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have discovered a new malware variant called HOPLIGHT. The malware has been identified as the work of HIDDEN COBRA which refers to activity...
Cybersecurity Threat Advisory: Verizon Customers Targeted in Mobile Phishing Campaigns
What is the threat? A phishing campaign has been discovered in the wild targeting Verizon customers. This phishing campaign is mimicking Verizon customer support and trying to get information about customers’ Verizon accounts to gain access. The phishing emails ask...
Cybersecurity Threat Advisory: Apache Server Vulnerability
What is the cybersecurity threat? A new flaw recently discovered in Apache allows for local privilege escalation where a person or program that has limited access or privileges (such as a user account) may be able execute code with root...
Cybersecurity Threat Advisory: MFA Bypassed via O365 and IMAP Attacks
What is the threat? Researchers from Proofpoint recently observed over one hundred thousand unauthorized logins across millions of Office 365 and Google Suite cloud users. These illegitimate brute force attacks utilize the Internet Message Access Protocol (IMAP) which bypasses multi-factor...
Cybersecurity Threat Advisory: Chrome Update Patches Zero-Day Vulnerability
What is the threat? On Friday, March 1st, Google released an update to patch a vulnerability in its Chrome browser. The vulnerability is currently being exploited in the wild and is a use-after-free flaw in the browser’s FileReader API. This...
Cybersecurity Threat Advisory: IRS Reveals Ongoing Threat of Internet Phishing Scams
What is the threat? The IRS warned taxpayers, businesses, and tax professionals about the ongoing threat of internet phishing campaigns that lead to theft of their sensitive information through its ‘Dirty Dozen Campaign’. To protect taxpayer’s confidential data against scams,...
Cybersecurity Threat Advisory: Considerations following the recent viral ‘Momo’ Challenge
What is the threat? There have been recent reports that seemingly innocent videos on YouTube, WhatsApp and other outlets include violence provoking and/or other inappropriate content. These videos have been dubbed the “Momo challenge” similar to last years “Blue Whale...
Cybersecurity Threat Advisory: Separ Malware Steals Credentials
What is the threat? Researchers from Deep Instinct have detected an ongoing phishing campaign being aimed at many organizations located across North America, Southeast Asia, and the Middle East. The campaign has been effectively distributing the credential-stealing malware known as...
Cybersecurity Threat Advisory: WordPress Plugin Flaw Allows Complete Website Takeover
What is the threat? A serious vulnerability in WordPress was recently discovered via the specific plugin known as “Simple Social Buttons.” This add-on enables site editors to insert social media sharing buttons throughout their website in an appealing and accessible...
