Ensuring the security of your Windows 10 system is a complex task, but an essential one to protect your data and maintain system integrity. The Center for Internet Security (CIS) offers comprehensive benchmarks to help you improve your cybersecurity posture. We’ve provided a simplified version of the Windows 10 CIS benchmark in this article, although […]
Tag: small business
Major MikroTik RouterOS Flaw Puts Over Half a Million Devices at High Risk
CVE-2023-30799 MikroTik RouterOS Security Gap An acute privilege elevation vulnerability in MikroTik RouterOS exposes devices to potential remote hacking, allowing attackers to execute arbitrary code and gain total control over the compromised equipment. Labelled as CVE-2023-30799 (CVSS score: 9.1), this weakness is believed to place between 500,000 and 900,000 RouterOS systems at risk of being […]
Exploitation of Windows Search Feature by Hackers to Deploy Remote Access Trojans
As per cybersecurity analysts at Trellix, an authentic Windows search feature has become the latest tool in the hacker’s arsenal. Malicious actors are exploiting this feature to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans, specifically AsyncRAT and Remcos RAT. The unique attack technique misuses the “search-ms:” URI protocol […]
Massive Data Breach: Over 400 Organizations Hit by CLOP Ransomware’s MOVEit Exploitation
CVE-2023-34362 The Russian cybercriminal group known as ‘Clop’ leveraged a weakness in the MOVEit product suite by Progress Software in late May, leading to extensive data theft from unguarded networks. As per the German cybersecurity research enterprise, KonBriefing, the MOVEit security breach has affected a staggering 421 organizations and over 22 million individuals to date. […]
Zimbra Issues Alert About Actively Exploited Critical Vulnerability in Email Software
CVE-2023-34192 Zimbra, the email software provider, has raised an alert about a severe zero-day vulnerability in its software that’s currently being exploited in real-world attacks. The company has identified a security flaw in the Zimbra Collaboration Suite Version 8.8.15 that could potentially compromise the privacy and integrity of users’ data, according to its advisory. While […]
Attackers Targeting WooCommerce Payments Plugin Security Flaw to Hijack Websites
CVE-2023-28121 A recently disclosed critical vulnerability in the WooCommerce Payments WordPress plugin is actively being exploited by cybercriminals as part of a wide-scale targeted attack. Identified as CVE-2023-28121 (CVSS score: 9.8), the flaw involves an authentication bypass allowing unauthorized attackers to mimic arbitrary users, potentially including administrators. This could lead to the complete takeover of […]
Microsoft Word Exploitations Unleash LokiBot Malware
Known vulnerabilities in Microsoft Word are now being exploited by cybercriminals as phishing traps to deliver the malicious LokiBot on compromised systems. “LokiBot, also referred to as Loki PWS, is a notorious information-stealing Trojan, which has been on the radar since 2015,” says Cara Lin from Fortinet FortiGuard Labs. “Its primary targets are Windows systems […]
File transfer software hacked, MOVEit Transfer
Nova Scotia’s Cybersecurity Breach Affects Region of Queens Municipality June 15, 2023: A cybersecurity intrusion occurred on May 29 and 30, 2023, influencing data files within the MOVEIt file transfer system employed by the Nova Scotia government and other organizations for transmitting large files. The breach had a direct impact on the Region of Queens […]
Microsoft Curbs Chinese Cyber Espionage Aiming at Western European Governments
Date: July 12, 2023 | Threat Intel / Cyber Espionage On Tuesday, Microsoft declared that it had successfully thwarted a cyber espionage attempt led by a Chinese nation-state actor. This operation targeted two dozen entities, including several government agencies, with the intent to seize sensitive data. Starting on May 15, 2023, the cyber assault began […]
Critical Security Flaws Detected in SonicWall and Fortinet Network Security Tools
Critical Security Flaws Detected in SonicWall and Fortinet Network Security Tools Date: July 13, 2023 | Network Security / Vulnerability SonicWall and Fortinet, the network security giants, have recently alerted their clients about multiple security breaches found in their firewall management and network reporting engine tools – the Global Management System (GMS) and Analytics respectively. […]