Frank Crast, Author at Securezoo

WordPress plugin WPBakery vulnerability exposed over 4M sites

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 13, 2020 / Wordfence, WordPress, WPBakery, XSS

A WordPress plugin WPBakery Authenticated Stored Cross-Site Scripting (XSS) vulnerability has exposed over 4M sites.

WordPress plugin WPBakery vulnerability exposed over 4M sites Read More »

Microsoft takes down TrickBot malware infrastructure

Cybercrime, Cybersecurity Attacks, Malware / Frank Crast / October 12, 2020 / banking, Emotet, malware, Trickbot

Microsoft has worked with telecommunications providers worldwide to take down TrickBot malware infrastructure. TrickBot traces its roots back to 2016 as a modular banking trojan designed to steal information and distribute other malware to infected systems.

Microsoft takes down TrickBot malware infrastructure Read More »

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 10, 2020 / BIG-IP, CISA, Citrix, CVE-2018-13379, CVE-2019-11510, CVE-2019-19781, CVE-2020-1472, CVE-2020-15505, CVE-2020-2021, CVE-2020-5902, F5, FortiGuard, FortiOS, MobileIron, Netscaler, Palo Alto Networks, Pulse Secure, Zerologon

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations Read More »

QNAP Helpdesk software vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 9, 2020 / CVE-2020-2506, CVE-2020-2507, NAS, QNAP, QSnatch, storage, VPNFilter

QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.

QNAP Helpdesk software vulnerabilities Read More »

Cisco patches Webex Teams and surveillance camera vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 8, 2020 / Cameras, CVE-2020-3467, CVE-2020-3535, CVE-2020-3544, DLL hijacking, ISE, RBAC, Webex

Cisco has patched high risk Webex Teams, video surveillance camera and Identity Services Engine (ISE) vulnerabilities.

Cisco patches Webex Teams and surveillance camera vulnerabilities Read More »

Google releases Chrome security update (86.0.4240.75)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 7, 2020 / Chrome, CVE-2020-15967

Google has released Chrome 86.0.4240.75 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Google releases Chrome security update (86.0.4240.75) Read More »

Ttint IoT botnet exploits 2 zero-days to spread RAT

Cybersecurity Attacks, Internet of Things (IoT), Malware, Network Security / Frank Crast / October 5, 2020 / botnet, malware, Netlab, RAT, Trojan, Ttint

A new IoT botnet dubbed Ttint now targets two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai botnet source code.

Ttint IoT botnet exploits 2 zero-days to spread RAT Read More »

SlothfulMedia: new malware variant used by “sophisticated actors”

Malware / Frank Crast / October 2, 2020 / C2, CISA, CNMF, DOD, mediaplayer, RAT, SlothfulMedia

Security experts warned of a new malware variant dubbed SlothfulMedia has been used by a “sophisticated cyber actor.”

SlothfulMedia: new malware variant used by “sophisticated actors” Read More »

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Malware / Frank Crast / October 2, 2020 / C2, COVID-19, GADOLINIUM, GitHub, KRYPTON, Microsoft, PowerSHell, ZINC

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks Read More »

UHS hospitals hit by reported Ryuk ransomware cyberattack

Cybersecurity Attacks, Malware / Frank Crast / September 28, 2020 / healthcare, malware, Ransomware, UHS

Universal Health Services (UHS) hospitals was allegedly hit by a Ryuk ransomware cyberattack early Sunday morning, some sources say.

UHS hospitals hit by reported Ryuk ransomware cyberattack Read More »