Frank Crast, Author at Securezoo

Chinese threat actors targeting U.S. government agencies and these 4 CVEs

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / September 15, 2020 / BIG-IP, Citrix, CVE-2019-11510, CVE-2019-19781, CVE-2020-0688, CVE-2020-5902, DHS, Exchange, F5, Microsoft, MSS, Pulse Secure, VPN

Chinese Ministry of State Security (MSS)-affiliated cyber threat actors are targeting U.S. government agencies, as well as exploiting four popular vulnerabilities over the past 12 months.

Chinese threat actors targeting U.S. government agencies and these 4 CVEs Read More »

Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2020-2040)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 14, 2020 / buffer overflow, CVE-2020-2040, DOS, PAN-OS, XSS

Palo Alto Networks has fixed a Critical buffer overflow vulnerability that could allow an attacker to execute remote code as root on PAN-OS devices, along with multiple other High severity issues.

Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2020-2040) Read More »

2020 Threat Landscape Report reveals new themes and evolving threats

Cybersecurity Articles, Cybersecurity Attacks, Internet of Things (IoT), Malware / Frank Crast / September 13, 2020 / AgentTesla, Android, banking, Coronavirus, COVID-19, Cryptocurrency, Dridex, Emotet, EOL, Fileless, FritzFrog, IOT, KryptoCibule, Maze, Snake, Trickbot, VPN

Security firm Bitdefender published its mid-year Threat Landscape Report 2020 that reveals how cybersecurity threats and malware play on the pandemic theme.

2020 Threat Landscape Report reveals new themes and evolving threats Read More »

Equinix discloses ransomware incident

Cybersecurity Attacks, Malware / Frank Crast / September 10, 2020 / data center, Equinix, malware, Ransomware

Equinix, a leader in global colocation data centers, disclosed it experienced a ransomware incident that affected internal systems.

Equinix discloses ransomware incident Read More »

Microsoft September 2020 Security and Adobe Updates

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 9, 2020 / ASP.NET, Azure DevOps, ChakraCore, CVE-2020-0878, CVE-2020-0908, CVE-2020-0922, CVE-2020-0997, CVE-2020-1057, CVE-2020-1129, CVE-2020-1172, CVE-2020-1182, CVE-2020-1200, CVE-2020-1210, CVE-2020-1252, CVE-2020-1285, CVE-2020-1319, CVE-2020-1452, CVE-2020-1453, CVE-2020-1460, CVE-2020-1508, CVE-2020-1576, CVE-2020-1593, CVE-2020-1595, CVE-2020-16857, CVE-2020-16862, CVE-2020-16874, CVE-2020-16875, Edge, Exchange Server, Internet Explorer, Microsoft Dynamics, Microsoft JET Database Engine, Microsoft Office, OneDrive, SQL Server, Visual Studio, Windows

Microsoft has released the September 2020 Security updates that includes patches for 129 vulnerabilities, 24 of them rated Critical. Adobe also released updates for Experience Manager, Framemaker and InDesign.

Microsoft September 2020 Security and Adobe Updates Read More »

Google releases Chrome security update (85.0.4183.102)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 9, 2020 / Android, Chrome, CVE-2020-15959, CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576

Google has released Chrome 85.0.4183.102 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Google releases Chrome security update (85.0.4183.102) Read More »

Critical File Manager plugin vulnerability affects 700k WordPress Websites

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 7, 2020 / elFinder, File Manager, PHP, WordPress

Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.

Critical File Manager plugin vulnerability affects 700k WordPress Websites Read More »

Cisco patches Critical Jabber RCE vulnerability (CVE-2020-3495) and 15 other security fixes

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 3, 2020 / Cisco, CVE-2020-3495, Jabber

Cisco issued a security advisory and patch for a new Cisco Jabber software RCE vulnerability CVE-2020-3495, as well as security fixes for multiple other products.

Cisco patches Critical Jabber RCE vulnerability (CVE-2020-3495) and 15 other security fixes Read More »

KryptoCibule malware: triple threat to cryptocurrencies

Cybersecurity Attacks, Malware / Frank Crast / September 3, 2020 / Avast, BitTorrent, Cryptocurrency, Czech Republic, ESET, KryptoCibule, malware, Slovakia

Security researchers have discovered a new malware dubbed KryptoCibule that poses a triple threat to victim’s cryptocurrency resources. Attackers are using KryptoCibule to abuse victim’s resources to mine coins, hijack cryptocurrency transactions and exfiltrate cryptocurrency-related files. The name KryptoCibule derives from the Czech and Slovak words for “crypto” and “onion” respectively. According to ESET researchers,

KryptoCibule malware: triple threat to cryptocurrencies Read More »

Cisco warns of IOS XR zero-day vulnerability exploit in the wild (CVE-2020-3566)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / August 31, 2020 / Cisco, CVE-2020-3566, DVMRP, IGMP, IOS XR, Networking

Cisco issued a security advisory warning of a new Cisco IOS XR software zero-day vulnerability CVE-2020-3566 under active exploit in the wild.

Cisco warns of IOS XR zero-day vulnerability exploit in the wild (CVE-2020-3566) Read More »