Daily Cyber Brief
CISA urges agencies to fix F5 exploit, Iranian hackers targeted Jordan's foreign ministry, and government agencies warn of increased attacks targeting MSPs...
Cybersecurity
Today, multiple government agencies worldwide including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and NSA in partnership with the U.K.’s National Cyber Security Center (NCSC-UK), as well as the Australian Cyber Security Center…
Pro-Russian hackers have attacked the websites of several Italian institutions, including the senate, ANSA news agency reported on Wednesday. The hacker group "Killnet" claimed the attack, ANSA said, which also targeted the National Health Institute (ISS) and the…
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges. Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any…
Cybersecurity researchers with Malwarebytes said they discovered a malicious email targeting a government official at Jordan’s foreign ministry, and it appeared to originate from a prolific threat group allegedly based in Iran. The company’s threat intelligence team said Tuesday it…
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed…
A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages…
Vanity links created by companies to add their brand to well-known cloud services could become a useful vector for phishing attacks and a way to better fool victims, researchers warn. Cloud services that don't check whether subdomains have been modified could allow links…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. F5 customers using BIG-IP solutions include…
A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used…
Microsoft has issued fixes for three zero-day vulnerabilities, including one being actively exploited in the wild, as part of its May monthly update round. Publicly disclosed flaw CVE-2022-26925 is a spoofing vulnerability in Windows LSA marked as “exploitation detected.”…