Please consider updating your browser. Some parts of the website may not function as intended.

FBI & CISA Warning – FortiOS Vulnerabilities are Actively Exploited

FortiOS Vulnerabilities

APT’s exploit Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities, warn US agencies. Threat actors are scanning for three high severity vulnerabilities that have not been patched. CVE-2018-13379, CVE-2020-12812 and, CVE-2019-5591 are actively being exploited. Each of these vulnerabilities is public and the vendor issued patches, but unless IT administrators apply […]

“Chained” PHP Git server compromised to add back doors to PHP source code

php git server

The official PHP Git repository suffered a software supply chain attack this week. Two malicious commits were pushed to the repository, where the attackers sign the commits with falsified but plausible aliases. An RCE backdoor was uploaded, which executes a backdoor in the HTTP protocol’s user agent header field. According to the PHP maintainers, the […]

Linux Kernel Found 3 Year Old Vulnerabilities that Allow Root Access

Linux Kernel

“Bad Things Come in Threes.” Three historical vulnerabilities have been discovered in the Linux kernel. If exploited, it could be used to gain root access to those systems. The original researchers from the security firm GRIMM have stated that these vulnerabilities remained undiscovered for 15 years. The vulnerabilities exist in the Linux kernel SCSI (Small […]

“Falsified” Fake Google reCAPTHA Phishing Attack Swipes Office 365 Passwords

google recaptha

Phishing attacks targeting Microsoft users are leveraging a fake Google reCAPTCHA page. Attackers are sending thousands of emails to steal Office 365 account credentials. Combined with the forged reCAPTCHA ruse, top-level domain landing pages that include the victim’s company logo were discovered. Researchers say that at least 2,500 emails have been flagged after being sent […]

“Delivery“ Malicious NPM Packages Target Amazon and Slack with Dependency Attacks

Malicious NPM Packages

Threat actors are targeting companies to include Zillo, Amazon and Slack’s NodeJS applications by using a new vulnerability known as “Dependency Confusion”. By utilising this vulnerability, attacks can steal Unix based system password files and open reverse shells back to an attacker. The attacker creates packages utilising the same names as a company’s internal component […]

MacOS Malware “Not So Silver Linings”

Apple’s new M1 chips had no known malware for them…until now. A vulnerability dubbed the “Silver Sparrow” is an activity cluster that includes a malicious binary compiled to run on the new model. What is unique about this vulnerability, and does it lack a payload? Silver Sparrow uses a launch agent to establish persistence, which […]

“Sharing is Caring” Unpatched ShareIT Android App Vulnerability Could Allow Hackers to Inject Malware

ShareIT Android App

Several unpatched vulnerabilities were discovered in the ShareIT Android application by Trend Micro, an app with over one billion downloads that is used for sharing files between users and their devices. The vulnerability is believed to have been unpatched for three months, which allows an attacker to achieve remote code execution (RCE) on the victim’s […]

“Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover

Microsoft bug

Microsoft has secured 56 vulnerabilities in the February patch Tuesday, this includes 11 critical vulnerabilities, 6 of which were publicly known. The patches cover components in Microsoft Windows, the .NET framework, Azure IoT, Azure Kubernetes Service, Edge for Android, Exchange server, MSS office services, and web applications, Sky for Business and Lynx, and Microsoft Defender. […]

Ransomware Gangs are Abusing VMWare ESXi Exploits to Encrypt Virtual Hard Disks

Ransomware attack

Two CVE’s associated with VMWare ESXi are being exploited in the Wild. One major ransomware gang is abusing vulnerabilities on the ESXi platform to take over virtual machines deployed in enterprise environments by encrypting their virtual hard drives. CVE’s 2019-5544 and 2020-3992 impact the Service Location Protocol (SLP), used by devices on the same network […]

”Forged DNA”: Cisco DNA Center Bug Opens Enterprises to Remote Attack

cisco dna center

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the Cisco Digital Network Architecture (DNA) center, which could put enterprise users at risk of remote attacks and takeovers. CVE-2021-1257 as it is designated, is present in the web management interface of the Cisco DNA Center. This web interface is a centralised network-management and orchestration […]

Risk Crew