CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (update-2)

The Cybersecurity and Infrastructure Security Agency (CISA) has published reports on DearCry ransomware and China Chopper Web Shell malware linked to recent Exchange Server exploits. Attackers can use this malware to further compromise on-premise Microsoft Exchange servers and launch other attacks.

Continue Reading CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (update-2)

Legacy QNAP NAS devices vulnerable to zero-day cyberattacks

Security researchers have warned legacy QNAP NAS devices are vulnerable to zero-day cyberattacks. Although QNAP patched two vulnerabilities in recent firmware updates, the company acknowledged patches were not yet available for certain legacy devices.

Continue Reading Legacy QNAP NAS devices vulnerable to zero-day cyberattacks

FBI and CISA issue urgent joint cybersecurity advisory on Exchange server hacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent joint cybersecurity advisory on the Microsoft Exchange vulnerability exploits.

Continue Reading FBI and CISA issue urgent joint cybersecurity advisory on Exchange server hacks

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019. The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.

Continue Reading Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Adobe releases security updates for Adobe Acrobat and Reader, other products (CVE-2021-21017 exploited in wild)

Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, as well as Magento, Photoshop, Animate, Illustrator and Dreamweaver. Moreover, the software giant addressed one Critical vulnerability CVE-2021-21017 exploited in the wild.

Continue Reading Adobe releases security updates for Adobe Acrobat and Reader, other products (CVE-2021-21017 exploited in wild)