F5 Released Hotfixes for BIG-IP and iControl REST Vulnerabilities
The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. CVE-2022-41622 and CVE-2022-41800 Vulnerabilities An attacker may trick [...]
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is all [...]
Windows Kerberos authentication breaks after November updates
Microsoft on Sunday reported that after installing updates released on the most recent Patch Tuesday on Nov. 8, security teams might have issues with Kerberos authentication on Windows Servers with [...]
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
Security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. Over 15,000 WordPress and other sites have [...]
-
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders GalleryNew “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Malware, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
A new APT group, Earth Longzhi, reportedly targeted organizations in East Asia, Southeast Asia, and Ukraine using a Cobalt Strike loader. The group, active since at least 2020, is considered [...]
FHN 
