Bad actors exploited RCE in Progress Telerik to hack US agency server
Source: SC Media
Multiple cyber threat actors exploited a vulnerability that was first documented in 2019 that allows remote code execution (RCE) to access a federal agency’s web server over a roughly three-month period, the U.S. Cybersecurity and Infrastructure Agency reported.
Link to article
CHS to Notify 1 Million in Breach Linked to Software Flaw
Source: Data Breach Today
Hospital Chain Faults Zero-Day Vulnerability in 3rd-Party File Transfer Software. Community Health Systems will soon begin notifying up to 1 million individuals believed to have been affected by a data breach when attackers exploited a zero-day vulnerability in a third-party vendor's secure managed file transfer software.
CISA warns of Adobe ColdFusion bug exploited as a zero-day
Source: Bleeping Computer
CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. This critical arbitrary code execution flaw (CVE-2023-26360) is due to an Improper Access Control weakness, and it can be abused remotely by unauthenticated attackers in low-complexity attacks that don't require user interaction.
ALPHV Ransomware Claims Amazon Ring Data Breach
Source: The Cyber Express
Ring, a popular home security company, has allegedly been the target of a data breach by the ALPHV ransomware group. Although there has been no official confirmation of the Amazon Ring data breach, a news report revealed that the ransomware group has access to the private data of the home security company and has threatened to leak it if an agreement is not reached..
Emotet Is Back Again!
Source: Info Risk Today
Emotet malware is again active. Security researchers marked the latest sighting of the Microsoft Office-loving Trojan in what's becoming a cycle of reemergence and hibernation. Before the newest wave of malicious Emotet emails began earlier this month, researchers from Cofense say the malware was active for a two-week run in November.
Comments