Project Hyphae

Threats

the latest cybersecurity threat alerts

Information Security News 3-20-2023

March 20, 2023
News

LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions Article Link: https://thehackernews.com/2023/03/lockbit-30-ransomware-inside.html BianLian Ransomware Crew Goes 100% Extortion After Free Decryptor

Read More »

Microsoft puts WinRE Vulnerability back in the BitLocker.

March 17, 2023
Remediation, Critical, Patch, Threats, Vulnerability

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption

Read More »

The Sound of Silence Critical Microsoft Outlook Vulnerability

March 17, 2023
Vulnerability, Exploit, Mitigating Control, Patch, Threats

CVE-2023-23397 CVSSv3: 9.8 *Please install Microsoft’s March patches as soon as possible on systems with Outlook. Microsoft has released a zero-day

Read More »

Winter is coming… and so is CVE-2023-26360: Critical Adobe ColdFusion Vulnerability Exploited in the Wild

March 16, 2023
Alerts, Critical, Exploit, Patch, Threats, Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability, CVE-2023-26360, that affects Adobe ColdFusion 2018 and 2021 versions

Read More »

Information Security News 3-13-2023

March 13, 2023
News

AT&T Alerts 9 million Customers of Data Breach After Vendor Attack Article Link: https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/ Cyberattacks on School Districts, Like the One

Read More »

No Gateway to Heaven: Critical Fortinet RCE Vulnerability

March 10, 2023
Uncategorized, Alerts, Critical, Patch, Threats, Vulnerability

CVE-2023-25610 CVSSv3: 9.3 Fortinet has released a critical patch that remediates a newly discovered remote code execution (RCE) vulnerability. This vulnerability

Read More »

Microsoft Word Vulnerability Goes Public, Users Wondering If a ‘RTF’ Means ‘Risky Text File’

March 8, 2023
Exploit, Alerts, Critical, Mitigating Control, Patch, Threats, Vulnerability

A proof-of-concept (PoC) for a critical vulnerability in Microsoft Word that allows remote code execution has been published. Assigned a severity

Read More »

Information Security News 3-6-2023

March 6, 2023
News

Threat Actors Target Law Firms with GootLoader and SocGholish Malware Article Link: https://securityaffairs.com/142888/cyber-crime/law-firms-gootloader-socgholish-malware.html Vulnerabilities of Years Past Haunt Organizations, Aid Attackers

Read More »

Year old UEFI vulnerability meditates in the BlackLotus position.

March 3, 2023
Threats, Alerts, Exploit, News, TTP, Vulnerability

ESET announced it has identified and analyzed 6 installers for the BlackLotus bootkit malware. This malware, which leverages the year old

Read More »

Information Security News 2-27-2023

February 28, 2023
News

NSA Shares Guidance on how to Secure Your Home Network Article Link: https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-how-to-secure-your-home-network/ Defenders on High Alert as Backdoor Attacks Become

Read More »

VMware Warns of Uninvited Guests: Critical Privilege Execution Flaw Patched in Carbon Black App Control

February 23, 2023
Threats, Alerts, Critical, Exploit, Patch, Vulnerability

VMware has released patches for a critical security vulnerability affecting its Carbon Black App Control product. The vulnerability, tracked as CVE-2023-20858,

Read More »

Twitter is Ditching Free SMS MFA, Here’s Why You Should Too

February 20, 2023
Mitigating Control, News, Remediation, Threats, TTP

Twitter will soon drop support for SMS Multi-Factor Authentication, whereby users receive a text message with a numeric code to verify

Read More »

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.