National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software.

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software.

Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:

Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks.

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.

With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important.

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom.

Security researchers following the money circuit from Ryuk ransomware victims into the threat actor’s pockets estimate that the criminal organization made at least $150 million.

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers.

Trojanized versions of SolarWinds’ Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate.

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019.

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan.

Νέα εκστρατεία ηλεκτρονικού ψαρέματος (phishing) κάνει κατάχρηση του νόμιμου ιστότοπου φιλοξενίας αρχείων WeTransfer για τη διαβίβαση κακόβουλων συνδέσμων μέσω φίλτρων ηλεκτρονικού ταχυδρομείου

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call.

Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.