Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. […]
Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. […]
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.
“These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,” Mandiant said in an
“These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,” Mandiant said in an
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.
“As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their
“As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity. In this context, Mike Tyson’s famous adage, “Everyone has a plan until they get punched in
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments.
“This attack is particularly intriguing due to the attacker’s use of packers and rootkits to conceal the malware,” Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
“This attack is particularly intriguing due to the attacker’s use of packers and rootkits to conceal the malware,” Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
Major T-Mobile outage takes down account access, mobile app
A major T-Mobile outage is preventing customers from logging into their accounts and using the company’s mobile app. […]
Framework discloses data breach after accountant gets phished
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. […]
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. […]