Latest Warning news

Microsoft pulls fix for Outlook bug behind ICS security alerts

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates
- Sergiu Gatlan
- April 23, 2024
- 05:50 PM
- 0
FBI warns of massive wave of road toll SMS phishing attacks

On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees.
- Sergiu Gatlan
- April 12, 2024
- 02:56 PM
- 1
US Health Dept warns hospitals of hackers targeting IT help desks

The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.
- Sergiu Gatlan
- April 06, 2024
- 11:09 AM
- 0
Red Hat warns of backdoor in XZ tools used by most Linux distros

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
- Sergiu Gatlan
- March 29, 2024
- 01:50 PM
- 2
Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities.
- Sergiu Gatlan
- March 26, 2024
- 03:21 PM
- 4
CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping.
- Sergiu Gatlan
- March 25, 2024
- 02:26 PM
- 1
KDE advises extreme caution after theme wipes Linux user's files

On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.
- Sergiu Gatlan
- March 21, 2024
- 03:05 PM
- 10
FTC warns scammers are impersonating its employees to steal money

The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans.
- Sergiu Gatlan
- March 19, 2024
- 03:19 PM
- 0
CISA cautions against using hacked Ivanti VPN gateways even after factory resets

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.
- Sergiu Gatlan
- February 29, 2024
- 03:35 PM
- 1
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
- Sergiu Gatlan
- February 27, 2024
- 05:26 PM
- 0
VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
- Sergiu Gatlan
- February 20, 2024
- 04:00 PM
- 0
ConnectWise urges ScreenConnect admins to patch critical RCE flaw

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks.
- Sergiu Gatlan
- February 20, 2024
- 11:48 AM
- 2
New Fortinet RCE bug is actively exploited, CISA confirms

CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
- Sergiu Gatlan
- February 09, 2024
- 04:02 PM
- 3
Americans lost record $10 billion to fraud in 2023, FTC warns

The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year.
- Sergiu Gatlan
- February 09, 2024
- 10:21 AM
- 2
Ivanti: Patch new Connect Secure auth bypass bug immediately

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
- Sergiu Gatlan
- February 08, 2024
- 02:45 PM
- 0
Microsoft Outlook December updates trigger ICS security alerts

Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
- Sergiu Gatlan
- February 05, 2024
- 05:03 PM
- 2
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday.
- Sergiu Gatlan
- February 01, 2024
- 08:49 AM
- 0
Ivanti warns of new Connect Secure zero-day exploited in attacks

Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
- Sergiu Gatlan
- January 31, 2024
- 08:41 AM
- 0
FBI: Tech support scams now use couriers to collect victims' money

Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams.
- Sergiu Gatlan
- January 29, 2024
- 11:31 AM
- 0
Ivanti: VPN appliances vulnerable if pushing configs after mitigation

Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.
- Sergiu Gatlan
- January 22, 2024
- 01:24 PM
- 0