1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

FCX routers vulnerable to actively exploited flaw by botnets
published: today
The "InfectedSlurs" botnet exploits a critical zero-day vulnerability (CVE-2023-49897) in FXC wireless LAN routers, models AE1021 and AE1021PE, leading to remote command execution, and FXC has released a firmware update (version 2.0.10) to mitigate this issue.
Take action: If you are using FCX routers, lock down the web management interface to trusted network and patch IMMEDIATELY. Most routers are exposed to the internet, so patching is more than advised. It's quite possible your router was already compromised.
Hacker crime groups actively targeting 9 months old Outlook/Exchange Flaw
published: Dec. 4, 2023
The Fancy Bear group, also known as Forest Blizzard by Microsoft and linked to Russia's GRU, is exploiting a nine-month-old Microsoft Outlook vulnerability (CVE-2023-23397) to gain control of Microsoft Exchange mailboxes, primarily targeting government, energy, and transportation sectors.
Take action: If you still haven't patched your Outlook since April 2023 and you haven't been hacked consider yourself extremely lucky. And your luck is about to run out, so PATCH OUTLOOK NOW.
Ransomware is exploiting Qlik Sense BI platform bugs to breach networks
published: Nov. 30, 2023
The Cactus ransomware group is exploiting critical vulnerabilities in Qlik Sense's Windows version, notably two major flaws (CVE-2023-41266 and CVE-2023-41265 - reissued as CVE-2023-48365), to infiltrate corporate networks, using techniques like PowerShell, BITS, and RDP for persistence, remote access, and data exfiltration.
Take action: If you are using Qlik Sense Enterprise for Windows, IMMEDIATELTY lock it down in your internal network. Then start patching as soon as possible.
OwnCloud critical vulnerabilities already activelly attacked
published: Nov. 27, 2023
Security experts have detected active attempts to exploit a critical vulnerability in OwnCloud's Graph API app, through severe issue, CVE-2023-49103. Urgent mitigation is needed due to its high CVSS score and ease of exploitation noted by the Shadowserver Foundation.
Take action: If you missed the advisory and you are using ownCloud, wake up your team and start applying the workarounds immediately. Hackers are already looking for your exposed ownCloud GraphAPI to hack you.
Sophos Web Appliance flaw activelly exploited by hacker teams in the wild
published: Nov. 20, 2023
CISA reports active exploitation of CVE-2023-1671, a critical command injection vulnerability in Sophos Web Appliance's warn-proceed handler, which has been patched but still targeted due to some systems having disabled auto-updates, even as the product passed its end of service.
Take action: If you are still using Sophos Web Appliance, enable auto-updates and bring it up to latest version. And since it's already past it's end-of-service deadline, plan to change the appliance soon.
Zimbra XSS vulnerability exploited by hackers to to steal government emails
published: Nov. 16, 2023
Google TAG has revealed that a cross-site scripting (XSS) vulnerability (CVE-2023-37580) in Zimbra Collaboration email software is being exploited by four different threat actors to target government entities to steal emails and login data. Most attacks are occurring after the vulnerability patch was disclosed with campaigns targeting government organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.
Take action: f you are working with Zimbra Collaboration Suite, patch it version to the latest version of the software ASAP. Your users will be attacked via phishing emails, and there are so many users that some will definitely be scammed.
A new stealth backdoor into vulnerable Confluence persists after patching
published: Nov. 14, 2023
The newly discovered backdoor "Effluence" is injected via exploiting the CVE-2023-22518 vulnerability in Atlassian Confluence servers, allowing remote control even after patching. It evades detection with its stealthy nature, and requiring extensive manual review for removal due to its lack of digital traces.
Take action: Even if you have patched your Confluence server, engage a good team to review the plugins in your server and monitor for external comms to detect a potential webshell. Or just re-install from scratch, it's been too long if you are patching now.
Critical Confluence Flaw used in live Exploit Attempts and Ransomware attacks
published: Nov. 6, 2023
A critical security flaw in Atlassian's Confluence Server and Data Center, CVE-2023-22518, has been actively exploited by attackers deploying Cerber ransomware, prompting Atlassian to release urgent patches.
Take action: If you are still running Confluence Server or Datacenter and haven't patched it, wake up your engineering team and start patching. Because hackers have deployed automated scanners looking for Confluence and they have a ready exploit.
F5 BIG-IP Vulnerabilities actively exploited by hacker groups
published: Nov. 2, 2023
F5 Networks has disclosed two critical vulnerabilities in their BIG-IP systems, CVE-2023-46747 allowing remote code execution and CVE-2023-46748 enabling SQL injection, which have been exploited in the wild. Time to patch NOW.
Take action: If you are using F5 BIG-IP and still haven't patched it, start ASAP. Hackers are already scanning for your systems.
Apache ActiveMQ Vulnerability actively exploited, HelloKitty Ransomware gang leading the attacks
published: Nov. 2, 2023
The HelloKitty ransomware group has been exploiting a critical Apache ActiveMQ vulnerability (CVE-2023-46604) affecting thousands of unpatched servers, mainly in China, the USA, and Germany.
Take action: If you are using Apache ActiveMQ, PATCH NOW. You were probably still lucky not to get hacked but that will change very soon.