[SecurityWeek] U.S. Agencies Share More Details on ADSelfService Plus Vulnerability Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have shared new details on in-the-wild attacks targeting a recently patched flawin Zoho’s ManageEngine ADSelfService Plus product.

read more

Source: Read More (SecurityWeek RSS Feed)

You might be interested in …

[TheRecord] Founder of bulletproof hosting provider used by malware gangs gets 5 years in prison

A US federal judge has sentenced today a Russian national to five years in prison for founding and operating a bulletproof hosting company that provided servers and technical support to malware and cybercrime groups between 2008 and 2015. Named Aleksandr Grichishkin, the 34-year-old Russian is part of a quartet charged and detained by US authorities […]

Read More

[HackerNews] Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

All posts, HackerNews

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability “can be exploited locally or remotely within a network to […]

Read More

[ThreatPost] Fake Zoom App Dropped by New APT ‘LuminousMoth’

All posts, ThreatPost

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Source: Read More (Threatpost)

Read More