Category: Cyber Intel Briefs

Critical CVE-2022-24086- Critical Magento 0-Day Vulnerability- Improper input validation issue that could be weaponized to achieve arbitrary code execution. It’s a pre-auth flaw, which means it could be exploited without requiring credentials. https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html High Multiple vulnerabilities in Google Chrome browser CVE-2022-0603- Use after free in File Manager. CVE-2022-0604- Heap buffer overflow in Tab Groups CVE-2022-0605- Use after free in Webstore API These vulnerabilities/bugs affect Stable Channel and Extended stable channel. […]

Cyber / MSP / MSSP Windows Services lay the groundwork for a Midas ransomware attack- An attack on a technology vendor in Decemeber of 2021 used a ransomware known as Midas to leverage at least two different commercial remote access tools and an open source Windows Utility in the process. This poses a threat to MSP’s and other businesses who use many remote access tools as a part of their […]

Cyber / MSP / MSSP No major attacks have occurred this week, however MSPs will continue to remain a top target for attackers. Phishing will remain the top attack vector throughout 2022. 94% of all malware gets delivered by email — using social engineering techniques to trick users into opening malicious attachments or links. Phishing attacks still continue to grow rapidly: just this year, Acronis reported blocking 23% more phishing […]