Owl Labs Retraction, Qakbot, and Other Notable Updates


Owl Labs Flaw Removed from CISA List

by Artie Kaye

In this months CISA update list there were known exploited vulnerabilities listed from Owl Labs.  After further investigation on CISA’s part, these were found to not be actively targeted as initially reported to them.  As such the CVE’s related to the flaws are being removed from the exploit list.  Our monthly list will be updated to acknowledge this.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Qakbot Update: Still Active

by Artie Kaye

While law enforcement reported they had taken the botnet down, recent activity from the network suggests they only took down parts of it.  The administrative level devices which were targeted in the operation were only part of the network.  This did not address the lower level functions, such as the spam and phishing automations.  Regrettably, the botnet remains active, and may yet pose a threat to users online.

Original Wyo Support Article

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Notable Patches (October 1-6)

by Artie Kaye

Some of the zero days and severe CVE’s addressed this week.

Atlassian

Their Confluence Server and Data Center has been patched to remediate critical vulnerabilities.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Qualcomm

Patched three zero-day flaws and several other high severity flaws.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)