Cybersecurity agencies have sounded alarm bells about active exploitation of a critical vulnerability in Citrix application delivery controllers (ADCs) and gateways. This flaw, tracked as CVE-2023-4966 and dubbed “Citrix Bleed”, is being leveraged by affiliates of the LockBit ransomware gang to compromise organizations across sectors. The Vulnerability (CVE-2023-4966): CVE-2023-4966 stems from a session management issue…


Welcome to this month’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. In this ever-evolving landscape of cybersecurity, staying informed is not just a choice, but a necessity. Our mission is to keep you up-to-date with the most critical developments in the digital defense realm, and this bi-weekly publication is your gateway to the…


If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it’s time to wake up. The FBI’s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for some grim reading. According to the IC3 report, online fraud hit record losses in 2023,…


Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s). CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their…


Scams: The internet can be a wonderful place. But it’s also awash with fraudsters targeting people who are susceptible to fraud. (06 Mar 2024, 5 min. read) We’re all getting older. That’s good news for digital fraudsters, who see rich pickings to be had in a rapidly ageing society. They’re increasingly targeting senior…


Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following security releases and apply the necessary updates: …


CISA released one Industrial Control Systems (ICS) advisory on March 7, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.


CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…


Apple released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the following security releases and apply the necessary updates: …


Mar 07, 2024NewsroomCyber Espionage / Software Security The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously…
