The Security Blog From Gridinsoft

Fortinet Reports SQL/RCE Vulnerability in FortiClient EMS

Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses…

Adobe Reader Infostealer Plagues Email Messages in Brazil

A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF…

BianLian Exploits TeamCity Vulnerability to Deploy Backdoors

BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By…

PUA:Win32/Softcnapp

PUA:Win32/Softcnapp is a Microsoft Defender detection name assigned to an unwanted program. It sometimes appears as a false positive of a…

Microsoft is Hacked, Again by Midnight Blizzard

Microsoft acknowledges being hacked for the second time this year by the same Russian state-sponsored group, Midnight Blizzard. The company…

FritzFrog Botnet Exploits Log4Shell Vulnerability

New FritzFrog Botnet Sample Exploits Log4Shell and PwnKit

Researchers detected a new sample of the FritzFrog malware, which is known for building large botnets. The new sample includes functionality to exploit flaws in network assets, including the…

Critical Apple Operating Systems Vulnerabilities Exploited

Critical Vulnerability Uncovered in Apple iOS and macOS Exploited

The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, particularly iOS and macOS. It has been added to the agency’s Known Exploited Vulnerabilities catalog.…

White Phoenix Decryptor Gets an Online Version

White Phoenix Decryptor by CyberArk Updated With Web Interface

CyberArk has released an online version of its file decryptor. This is a simplified web version of the “White Phoenix” decryptor, which was initially available only as source code on GitHub.…

GitLab critical vulnerability allows files to be overwritten

GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk

In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or executing…

Juniper Networks' Junos OS Vulnerabilities Revealed

4 Junos OS Vulnerabilities Fixed, Update Now

In its latest security bulletin, Juniper Networks announced fixes for a set of vulnerabilities in Junos OS. Among the fixed flaws is a high-severity one that…

Panda Security Driver Vulnerabilities Uncovered

Panda Security Driver Vulnerabilities Uncovered in APT Simulation

Security researchers discovered critical driver vulnerabilities in Panda Security software. This chain of flaws abuses legitimate drivers to disable EDR products. Despite their relatively low CVSS scores, they may…

Kasseika Ransomware Uses BYOVD Tactics in Attacks

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group…

Critical Auth Bypass Vulnerability in GoAnywhere MFT

GoAnywhere MFT Auth Bypass Vulnerability Discovered

The fest of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator…

RCE Vulnerability in Confluence Exploited in the Wild

Confluence RCE Vulnerability Under Massive Exploitation

Researchers are seeing attempts to exploit a critical vulnerability in outdated Atlassian Confluence servers. The flaw allows attackers to execute code remotely; most attempts originate from Russian IP addresses. Typically…

CISA Urges Patching Citrix RCE Vulnerability

2 Citrix RCE Under Active Exploitation, CISA Notifies

CISA has given a timeframe of one to three weeks to fix three vulnerabilities affecting Citrix NetScaler and Google Chrome. These zero-day vulnerabilities were actively exploited in cyber attacks.…

LockBit Ransomware Starts Using Word Files For Distribution, Again

LockBit Ransomware Uses Resume Word Files to Spread

A recent investigation by ASEC reveals new tactics of the infamous LockBit ransomware. The “post-paid pentesters” have started disguising their payload as innocuous resumes in Word documents. Ironically, this tactic is reminiscent…

SonicWall API Vulnerability Has Left 178,000 Firewalls Vulnerable to Attacks

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

Recent research shows that a significant share of SonicWall firewall instances are susceptible to attack. In particular, two vulnerabilities can lead to remote code execution (RCE) and denial of service (DoS). Unfortunately,…