Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. “The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this week. The cybersecurity company
Read More
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. “Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests potential collaboration
Read More
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below – Successful exploitation of the flaws could enable an attacker to log in to the affected system with administrative privileges, and obtain log files that contain sensitive data, including
Read More
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states – You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all