Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with…
Targeting Windows computers, these are typical ransomware families that encrypt victim files and demand a ransom payment in exchange for a decryption key. This new ransomware has been used in an increasing number of attacks. Aerst was seen appending to encrypted files the ‘.aerst’ extension and displaying a popup window containing the attacker’s email address,…
Congress is considering a US federal privacy law. It’s been brewing for the last ten years and is getting closer. On July 20, 2022, the House Energy and Commerce Committee overwhelmingly voted (53-2) to advance the American Data Privacy and Protection Act (ADPPA), H.R. 8152, to the full House of Representatives. But there are still…
A year ago, in December 2021, the Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library caused a sensation. Although by the spring it was no longer on the front pages of IT media outlets, in November 2022 it reemerged when it was reported that cybercriminals had exploited the vulnerability to attack a US federal agency…
It’s not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now Rackspace has announced it was actually a ransomware incident that caused the service disruptions. While…
Two women filed a proposed class-action lawsuit on Monday, December 5, in the United States District Court for the Northern District of California against Apple, the makers of AirTags. Airtags are a small Bluetooth-enabled devices designed to track personal belongings. The suit accuses the company of failure to introduce measures to combat abuse of the…
The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full…
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG),…
eBook: Getting Started with ATT&CK This free eBook pulls together the content from blog posts on threat intelligence, detection and analytics, adversary emulation and red teaming, and assessments and engineering onto a single, convenient package. CALDERA CALDERA is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response….
The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems. While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should…
Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
