Category: security
Sophos flags concerning firewall security flaws, users told to patch now
Sophos says it found, and patched, three flaws in its firewall product The flaws allowed for RCE and privilege escalation Those unable to apply the patch can use a workaround Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to…
Read More
Sophos hotfixes remote code execution vulnerabilities in Firewall
Sophos says it found, and patched, three flaws in its firewall product The flaws allowed for RCE and privilege escalation Those unable to apply the patch can use a workaround Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to…
Read More
A new Microsoft 365 phishing service has emerged, so be on your guard
Researchers said that Rockstar2FA went quiet in November 2024 But a new PaaS emerged soon afterwards, with partly overlapping infrastructure The new PaaS is called FlowerStorm, and it targets Microsoft365 accounts Cybersecurity researchers from Sophos have warned a new Phishing-as-a-Service (PaaS) tool has emerged, allowing threat actors to easily hunt…
Read More
US healthcare giant Ascension says ransomware attack affected nearly six million customers
Ascension was struck by ransomware attack in May 2024 It has now concluded its investigation into the attack Sensitive data on almost 5.6 million people was stolen Hackers that struck Ascension with ransomware managed to steal a whole treasure trove of sensitive customer information, with medical information, personally identifiable information,…
Read More
North Korean Lazarus hackers are targeting nuclear workers
Kaspersky recently discovered new additions to the Lazarus DreamJob campaign The criminalss targeted two people working in the same nuclear-related firm In the attack, they used updated malware to try and gain access The infamous Lazarus Group, a threat actor linked to the North Korean government, was recently observed targeting…
Read More
New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration
Androxgh0st’s integration with Mozi amplifies global risks IoT vulnerabilities are the new battleground for cyberattacks Proactive monitoring is essential to combat emerging botnet threats Researchers have recently identified a major evolution in the Androxgh0st botnet, which has grown more dangerous with the integration of the Mozi botnet’s capabilities. What began…
Read More