Google Logo

Europe & Latin America Targeted by Banking Trojans Through Google Cloud Run

Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe.  “The infection chains associated with these malware families feature the use of malicious Microsoft Installers (MSIs) that function[…]

Microsoft Logo

Patches Released by Microsoft to Tackle Two Windows Zero-Day Exploits, as well as 71 Other Vulnerabilities

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.  Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition[…]

Padlock

VMware, CISCO, and Fortinet release patches for critical vulnerabilities!

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices.  The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow[…]

Jenkins Logo

Servers Vulnerable to RCE Attacks Due to a Vulnerability in Jenkins

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).  The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-in command line[…]

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution.  The list of flaws, which were reported anonymously way back in June 2022, is as follows –  CVE-2023-42114 (CVSS score: 3.7) – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability […]