EHA
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.  Vulnerabilities identified include Remote Code...
Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability

Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability

A new privilege escalation vulnerability has been discovered in Zscaler Client Connector, combining three different vulnerabilities. The three vulnerabilities were associated with Reverting password check (CVE-2023-41972), arbitrary code execution (CVE-2023-41973), and Arbitrary File Deletion (CVE-2023-41969). Though...
GHOSTENGINE Malware Terminates EDR Agents That Interfere In Their Process

GHOSTENGINE Malware Exploits Vulnerable drivers To Terminate EDR Agents

Researchers discovered REF4578, an intrusion set that uses vulnerable drivers to disable established security solutions (EDRs) for crypto mining and deploys a malicious payload known as GHOSTENGINE. GHOSTENGINE is in charge of locating and running...
Ivanti Endpoint Manager SQL Injection Flaw Let Attackers Execute Arbitrary Code

Ivanti Endpoint Manager SQL Injection Flaw Let Attackers Execute Arbitrary Code

Multiple vulnerabilities involving SQL injection have been identified in Ivanti Endpoint Manager. These vulnerabilities could potentially enable malicious actors to carry out various unauthorized actions, including initiating Denial of Service attacks and executing arbitrary...
Hackers Weaponize Word Files To Deliver DanaBot Malware

Hackers Weaponize Word Files To Deliver DanaBot Malware

Recent email campaigns distribute DanaBot malware through two document types: those using equation editor exploits and those containing external links, where attackers send emails disguised as job applications with a malicious Word document attached.  The...
HookChain – A New Sophisticated Technique Evades EDR Detection

HookChain – A New Sophisticated Technique Evades EDR Detection

In the rapidly evolving, complex threat landscape, EDR companies are constantly racing against new vectors. Recently, Helvio Benedito Dias de Carvalho Junior (aka M4v3r1ck) from Sec4US has developed an innovation called "HookChain." It is an...
Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux 7.0.5.200089, and Endpoint Security for Windows 7.9.9.380) is vulnerable to server-side request forgery (SSRF) due to an incorrect regular expression.  The weakness allows an attacker...
Malware Families Adapting To COM Hijacking Technique To Achieve Persistence

Malware Families Adapting To COM Hijacking Technique For Persistence

COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value on a specific registry key related to the COM object. This...
Best Endpoint Security Tools

11 Best Advanced Endpoint Security Tools – 2024

Endpoint security tools are important parts of cybersecurity in order to keep computers, phones, and servers safe from threats and bad behavior. Every enterprise, regardless of size, has a digital perimeter. This perimeter comprises all...
Best DevOps Tools

10 Best DevOps Tools to Shift Your Security  in 2024

DevOps refers to a collection of processes and technologies used in software development and IT operations that reduce the system development life cycle and enable continuous delivery. However, when time and resources are limited, security...

Managed WAF

Website

Latest News