The vulnerability, tracked as CVE-2023-20273, allows for privilege escalation through the Web UI. It has been used alongside another vulnerability, CVE-2023-20198, in an exploit chain to deploy a malicious implant.
The vulnerabilities, which have been patched in version 2023.2.1, could be exploited by remote, unauthenticated attackers to execute arbitrary code in the context of SYSTEM.
The campaign involves various types of malware, including cryptominers and keyloggers, and primarily targets enterprises that provide business-to-business (B2B) products and services.
Cultivating a strong cybersecurity culture and empowering employees to make informed security decisions are crucial for SMBs to protect themselves and gain customer trust.
The Play ransomware group has threatened Associated Wholesale Grocers (AWG) with a cyberattack, stating their intention to release sensitive data stolen from the firm on October 22, 2023.
The workers used false identities to secure remote IT jobs and funneled their earnings to North Korea, while also infiltrating and stealing information from the companies they worked for.
India’s Central Bureau of Investigation (CBI) conducted raids at 76 locations across the country as part of Operation Chakra-II, targeting cybercrime operations involved in tech support scams and cryptocurrency fraud.
Researchers at Aqua Nautilus have uncovered a threat to SSH in cloud environments. Attackers are using SSH tunneling to exploit SSH servers and gain access to organizations’ networks.
The guide categorizes phishing into two common tactics, obtaining login credentials and deploying malware, and provides details on techniques used by malicious actors, such as impersonation and spoofing, to carry out these attacks.
Security researchers have discovered tens of thousands of exploited devices with a backdoor installed due to a critical zero-day vulnerability in Cisco IOS XE software’s web user interface.