Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) /...
Background The Log4Shell critical vulnerability in the widely used logging tool Log4j has caused concern beyond the cyber security community. This is because Log4j - rather than being a single piece of software - is a software component that’s used by millions of computers worldwide running online services....
Background Apache Log4j2 is a ubiquitous library used by millions for Java applications; the library is part of the Apache Software Foundation’s Apache Logging Services project. The vulnerability CVE-2021-44228, disclosed on December 9, 2021, allows for remote code execution against...
Background BlackMatter is a new ransomware threat discovered at the end of July 2021. BlackMatter is ransomware-as-a-service (Raas) tool that allows the ransomware's developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. This malware started...
Background The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. Nobelium, which operates from Russia, is the name given to the threat actor behind...
Background Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their...
Cybernetic GI Security Bulletin provides a summary of CWE Top 25 Most Dangerous Software Weaknesses in 2021. Entries may include additional information provided by organizations. This data may include identifying information, values, definitions, and related links. The patch information is...
In the previous installation, we delved into the history of the primary victim, Kaseya and the bad actors, REvil. From previous exploits to the final and most devastating one, REvil is and will continue to be a force to reckon...
From 22 February 2018, it became a requirement for certain data breaches, known as “eligible data breaches”, to be notified to the Australian Privacy Commissioner and affected individuals. Previously, it was not mandatory to supply notification of data breaches. A...
Cloud computing has been adopted by almost every organization due to its various benefits and work flexibility. However, with this adoption of the cloud, certain cybersecurity issues have been observed in cloud computing. Approximately 94% of organizations are moderate to...