Widespread ransomware attacks affecting VMware ESXi servers
Affected Systems: Description: A worldwide ransomware campaign targets unpatched VMware ESXI servers that are vulnerable to a remote code execution vulnerability discovered in 2021. The…
Category: Threat Intelligence Alerts
Latest threats and guidance from the cyber and fraud world
Large-scale malware campaign uses Microsoft OneNote files to spread malicious links
Description: Researchers at Sophos have published research detailing a new malware campaign using Microsoft OneNote documents (also called “Notebooks” by Microsoft) to spread malicious files through phishing…
QNAP devices found to have critical code injection vulnerability
Description: A code injection vulnerability with a critical severity rating has been found within QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. QNAP warns…
Critically vulnerable WordPress plugin ‘LearnPress’ version still used in over 75 thousand websites
Description: Security researchers at Patchstack have published research detailing multiple vulnerabilities within the popular WordPress plugin LearnPress, a free learning management system plugin for WordPress that allows site…
Scams targeting hospitality sector
Information provided by the City of London Police has advised that analysis of crime reports by the National Fraud Intelligence Bureau reveals that the hospitality…
Over 4,000 internet-facing Sophos Firewalls found to be still vulnerable to remote code execution bug disclosed in September 2022
Description: In September 2022, Sophos released a security advisory warning of a critical remote code execution vulnerability that had been seen exploited in the wild….
Threat actors spreading malware using Google Ads campaigns
Description: A recent rise in malware spreading through Google Ads has been noted by security researchers, with the impersonation campaigns affecting multiple software brands, such…
Microsoft’s January 2023 Patch Tuesday addresses 11 critical vulnerabilities, with one actively exploited
Description: Microsoft’s first Patch Tuesday of 2023 fixes 98 vulnerabilities, 11 of which have a critical CVSS severity rating. Of the 98, only one of the vulnerabilities…
Cisco warns of critical authentication bypass vulnerability in End-of-Life small business routers
Description: Cisco has published a security advisory warning of a critical vulnerability in multiple End-Of-Life (EoL) routers that could allow a remote attacker to bypass authentication or…