(954) 237-7797
Let's Talk
Blog
June 23, 2022 by Vertical Axion
File this away under “good news, bad news.” The bad news is that there’s a new, critical zero-day threat to be concerned about. The threat has been dubbed ‘Follina.’ It is being tracked as CVE-2022-30190 and is being described by Microsoft as an MSDT (Microsoft Windows Support Diagnostic Tool) remote code execution flaw that impacts […]
Read more »
Tagged
June 22, 2022 by Vertical Axion
Are you planning on setting up an Exchange server soon or are you running one now? If so, be aware that Microsoft is changing their guidance when it comes to the technology and specifically running a server on-premises. Two years ago, the Redmond giant announced that the next versions of their Skype for Business Server, […]
June 21, 2022 by Vertical Axion
Unless you’re an IT Security Professional, you may never have heard of EnemyBot. It is a bit like the Frankenstein of malware threats, a botnet that has borrowed code from multiple different sources. While that’s not terribly original, it does make it dangerous. The hackers behind the code are actively adding new exploits as newly […]
June 20, 2022 by Vertical Axion
If you’re deeply involved in IT security, you may already be familiar with the ERMAC Android banking trojan. If this is the first time you’re hearing of it, be aware that the hackers who authored the malicious code have recently released ERMAC 2.0, which represents a significant upgrade in capabilities from the previous iteration. ERMAC’s […]
June 18, 2022 by Vertical Axion
Are you one of the legions of users making use of the Screencastify Chrome extension? It’s a fantastic Chrome extension that allows you to almost effortlessly create screencasts for a variety of purposes. Unfortunately, the web extension also suffers from a critical security vulnerability that allows attackers to take control of a user’s webcam and […]
June 17, 2022 by Vertical Axion
Are you a Google Chrome user? If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux. Of the 32 flaws addressed, eight are […]
June 16, 2022 by Vertical Axion
Do you own a Chevrolet, Buick, GMC, or Cadillac? If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago. The attack exposed some customer information to the attackers and allowed them to redeem an undisclosed number of rewards points for gift cards. […]
June 14, 2022 by Vertical Axion
A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals. ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like. As malware […]
June 13, 2022 by Vertical Axion
HTML attachments as an attack vector may seem a little old school. However, according to statistics compiled by Kaspersky Lab indicates that in 2022, that form of attack is not just simply still being employed, but hackers are making surprisingly regular use of it. The security company detected more than two million emails of this […]
June 11, 2022 by Vertical Axion
Do you own and manage a WordPress site either personally or as part of your business? Do you also use the Tatsu plugin which offers a powerful suite of in-browser editing features and has been installed by more than 100,000 users worldwide? If so, be aware that there is a serious security flaw in the […]
June 10, 2022 by Vertical Axion
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory that serves as a stark warning. If you’re using VMware products that are impacted by recently disclosed critical security flaws, either patch them immediately or remove them from your network. CISA issued the dire warning because the last time critical security flaws were discovered […]
June 9, 2022 by Vertical Axion
If you’re not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn’t yet patched. In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available. Quite often, these flaws are being actively […]
June 8, 2022 by Vertical Axion
Phishing campaigns get more effective the more closely they can imitate a trusted source. Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect. Among other things, this campaign gives the hackers behind it […]
June 7, 2022 by Vertical Axion
Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet. They have dubbed the new variant Sysrv-K. This new variant works in two ways. First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins […]
June 6, 2022 by Vertical Axion
HP recently released a BIOS update to address a pair of high-severity vulnerabilities that affect a wide range of PC and notebook products offered by the company. In both cases, the vulnerabilities would allow an attacker to execute code arbitrarily and with Kernel level privileges. The two flaws are being tracked as CVE-2021-3808 and CVE-2021-3809 […]
June 4, 2022 by Vertical Axion
Do you use a Zyxel firewall? If so, there’s good news. The company has fixed an issue you may not have even been aware that you had. The company pushed out the fix in a silent update a little over two weeks ago, but when they implemented the push, they didn’t provide many details about […]
June 1, 2022 by Vertical Axion
At least one group of hackers has learned a new trick you need to be aware of. Security researchers at Kapersky Lab have discovered a malicious campaign-in-progress that is using event logs to store malware. That is a technique that has not been seen or documented until now. This new methodology is designed for maximum […]
May 31, 2022 by Vertical Axion
The name Kevin Beaumont may not be familiar to you, but if you’re a Linux or Solaris user, he may have just saved you a whole lot of grief. Recently, Mr. Beaumont discovered a stealthy backdoor malware that has been quietly infecting Linux and Solaris SPARC systems for more than five years. BPFdoor only parses […]
May 30, 2022 by Vertical Axion
Hackers around the world are increasingly targeting verified Twitter accounts with emails designed to pilfer your Twitter login credentials. Verified Twitter accounts differ from standard Twitter accounts in that they sport a large blue check mark next to the user’s name, which indicates that the person who owns the account is someone of considerable influence […]
May 28, 2022 by Vertical Axion
The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty. Called Onyx, outwardly, the operation does what most ransomware campaigns do. It gets inside a corporate network, exfiltrates the data that it wants, then seems to encrypt the rest, and then threatens to release the files to the broader public unless their demands […]
May 27, 2022 by Vertical Axion
Google SMTP relay service is wildly popular and used every day by legions of users. Unfortunately, hackers around the world are aware of this and increasingly they’ve begun abusing the SMTP relay service. The basic idea is as follows. Some clever hackers have figured out that they can bypass email security products and deliver malicious […]
May 26, 2022 by Vertical Axion
Google has been making some fantastic changes to bolster user security in recent weeks. That includes changes to their Google Play Store that will require developers to disclose exactly what data they plan to track and collect when users install the apps they create. In a related vein, the tech giant has also recently added […]
May 24, 2022 by Vertical Axion
Some interesting and disturbing changes are afoot in the hacking world. It appears that the TrickBot gang is now working for the Conti Syndicate. TrickBot is a well-known group of botnet developers responsible for the creation of the BazarLoader. BazarLoader has been used by Conti in the past as their delivery system of choice when […]
May 23, 2022 by Vertical Axion
There’s a big change coming to the Microsoft Edge browser. Big enough that it may prompt some users to switch to Edge. Recently, Microsoft announced that they’ll be adding a free built-in VPN (Virtual Private Network) service to Edge as part of a long-anticipated security upgrade. Called “Edge Secure Network,” the Redmond giant is currently […]
