Blog

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types. According to

Read More

Critical Cloud Bug in VMWare Carbon Black Allows Takeover

CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on

Read More

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Industrial enterprises in Europe are target of campaign, which forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers. Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers

Read More

IcedID Circulates Via Web Forms, Google URLs

Attackers are filling out and submitting web-based “contact us” forms, thus evading email spam filters. Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages

Read More