Multiple vulnerabilities have been discovered in SimpleHelp RMM that could allow for arbitrary code execution. SimpleHelp is a popular remote access software. Successful exploitation of the most severe of these vulnerabilities when chained together could allow for...
Data Privacy Week (January 27-31) is an annual campaign to spread awareness about online privacy and empower users and organizations to respect privacy, safeguard data, and enable trust. A user’s online activity generates a wealth of data that websites and companies can collect.
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals. Multiple vulnerabilities have been discovered in Apple...
A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 1000 Series Appliances which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access apps
Analysts discovered ongoing campaigns linked to two distinct Russian threat groups employing similar social engineering tactics to deliver ransomware. Analysts identified the campaigns while researching BeaverTail malware associated with...
Tax season is ripe with social engineering schemes designed to steal tax information, including W-2 personally identifiable information (PII), dates of birth, bank account or credit card numbers, and driver's license numbers. The emails include a fraudulent link to pay taxes...
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this Joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA) listed below.
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. There are many systems affected, including: Enterprise Manager for MySQL Database, version 13.5.2.0.0, and more.
Authentication bypass vulnerability CVE-2024-55591 (CVSSv3.1 9.6/10 Critical) in Fortinet’s FortiOS versions 7.0.0-7.0.16 and FortiProxy versions 7.0.0-7.0.19 and 7.2.0-7.2.12 could allow a remote threat actor to obtain super-admin privileges via specially crafted requests to the Node.js...
In April 2024, the NJCCIC reported an uptick in unpaid road toll SMiShing scams. Similar SMiShing scams have resurfaced, as threat actors are impersonating multiple road toll agencies nationwide to target New Jersey residents to collect personal and financial information.
