June 2023 – Page 14 – PossibleThreat Articles

VMware patches critical vulnerabilities in Aria Operations for Networks

June 9, 2023 0 Comments aria operations for networks, command injection, cve-2023-20887, cve-2023-20888, cve-2023-20889, deserialization, Exploits and vulnerabilities, information disclosure, news, rce, vmware

Categories: Exploits and vulnerabilities

Categories: News

Tags: cve-2023-20887

Tags: cve-2023-20888

Tags: cve-2023-20889

Tags: vmware

Tags: Aria Operations for Networks

Tags: RCE

Tags: information disclosure

Tags: deserialization

Tags: command injection

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution

Microsoft Security

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

June 9, 2023 0 Comments

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 08 Jun 2023 16:00:00 +0000

Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days. This attack originated from a compromised trusted vendor, involved AiTM and BEC attacks across multiple supplier/partner organizations for financial fraud, and did not use a reverse proxy like typical AiTM attacks.

The post Detecting and mitigating a multi-stage AiTM phishing and BEC campaign appeared first on Microsoft Security Blog.

Microsoft Security

Join our digital event to learn what’s new in Microsoft Entra

June 9, 2023 0 Comments

Credit to Author: Irina Nechaeva| Date: Wed, 07 Jun 2023 16:00:00 +0000

Join us at the digital event Reimagine secure access with Microsoft Entra to explore how to make identity your first line of defense and to hear about innovative products.

The post Join our digital event to learn what’s new in Microsoft Entra appeared first on Microsoft Security Blog.

Security Sophos

More MOVEit mitigations: new patches published for further protection

June 9, 2023 0 Comments cve-2023-34362, data loss, moveit, progress, vulnerability

Credit to Author: Paul Ducklin| Date: Fri, 09 Jun 2023 21:54:19 +0000

Good news… more patches, this time available proactively

Security Sophos

Thoughts on scheduled password changes (don’t call them rotations!)

June 9, 2023 0 Comments passwords, Privacy

Credit to Author: Paul Ducklin| Date: Fri, 09 Jun 2023 16:58:50 +0000

Does swapping your password regularly make it a better password?

Security TrendMicro

Analyzing the FUD Malware Obfuscation Engine BatCloak

June 9, 2023 0 Comments trend micro research : articles, news, reports, trend micro research : cyber crime, trend micro research : cyber threats, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : malware, trend micro research : phishing, trend micro research : privacy & risks

Credit to Author: Peter Girnus| Date: Fri, 09 Jun 2023 00:00:00 +0000

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.

MalwareBytes Security

Unveiling Nebula’s Report 2.0: A new approach to security reporting

June 8, 2023 0 Comments Business

Categories: Business

We’re excited to announce Report 2.0, a major upgrade to our report system in Nebula.

MalwareBytes Security

Warning: Victims’ faces placed on explicit images in sextortion scam

June 8, 2023 0 Comments blackmail, deepfake, extortion, fake, fakes, FBI, personal, sextortion, synthetic

Categories: Personal

Tags: sextortion

Tags: deepfake

Tags: FBI

Tags: blackmail

Tags: extortion

Tags: fake

Tags: fakes

Tags: synthetic

We take a look at some new developments in sextortion cases via a warning issued by the FBI.

MalwareBytes Security

Update Chrome now! Google patches actively exploited zero-day

June 8, 2023 0 Comments chrome, cve-2023-3079, Exploits and vulnerabilities, Google, heap corruption, news, type confusion, v8

Categories: Exploits and vulnerabilities

Categories: News

Tags: Google

Tags: Chrome

Tags: V8

Tags: heap corruption

Tags: type confusion

Tags: CVE-2023-3079

Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild.

Independent Krebs Security

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 0 Comments barracuda networks, caitlin condon, cve-2023-2868, email security gateway, international computer science institute, Latest Warnings, mandiant, nicholas weaver, rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.