Security Affairs

MARCH 1, 2024

The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways.

Authentication 85

Authentication Cyber threats VPN Government 85

Malwarebytes

FEBRUARY 2, 2024

Besides the Ivanti vulnerabilities actively exploited in massive numbers we wrote about on January 11, 2024, alerts sounded about two new high severity flaws on January 31, 2024. These actions include threat hunting on any systems connected to—or recently connected to—the affected Ivanti device. How did it come this far?

Accountability 98

Accountability Ransomware Risk Cybersecurity 98

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. ” reads the report published by Hunt & Hackett.

Media 122

Media Accountability Telecommunications Government 122

Security Affairs

DECEMBER 13, 2023

Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild. A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.”

Firmware 102

Firmware Firewall Internet Internet 102

Malwarebytes

OCTOBER 11, 2023

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had "zero days" to patch the flaw.

Internet 89

Internet Internet Software Risk 89

Webroot

FEBRUARY 2, 2022

Threat actors are becoming more sophisticated, agile and relentless in their pursuit of stealing personal information for financial gain. Rapid and evolving shifts in the threat landscape require the knowledge and solutions to prepare and prevent threats that could spell disaster for organizations’ reputations and operations.

Energy and Utilities 109

Energy and Utilities Cyber threats Ransomware Government 109

eSecurity Planet

FEBRUARY 17, 2023

Threat hunting starts with a pretty paranoid premise: That your network may have already been breached and threat actors may be inside waiting for an opportunity to strike. Threat hunting teams are often composed of analysts from SOC teams or similarly qualified security pros.

Cyber threats 75

Cyber threats Network Security Technology Threat Detection 75

Malwarebytes

NOVEMBER 24, 2023

In a joint cybersecurity advisory , the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. are now End-of-Life (EOL) and also vulnerable. out of 10).

Government 105

Government Ransomware Backups Software 105

Security Affairs

DECEMBER 9, 2023

A team of researchers from the Singapore University of Technology and Design discovered a set of security vulnerabilities in the firmware implementation of 5G mobile network modems from major chipset vendors. The vulnerabilities affect 5G modems, 10 issues impacts Qualcomm and MediaTek, and three of them are rated high severity.

Firmware 119

Firmware Mobile Software Hacking 119

Security Affairs

MARCH 10, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware 98

Spyware Data breaches Hacking Ransomware 98

Malwarebytes

JULY 16, 2023

Threatening rogue finance apps removed from the Apple Store MOVEit Transfer fixes three new vulnerabilities Malwarebytes Browser Guard introduces three new features Warning issued over increased activity of TrueBot malware Stay safe! Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected.

Ransomware 77

Ransomware Mobile Accountability Malware 77

SecureWorld News

NOVEMBER 2, 2023

In the ever-evolving landscape of cybersecurity threats, the discovery of serious vulnerabilities can send shockwaves through the digital world. Citrix Bleed, officially identified as CVE-2023-4966, is a sensitive information disclosure vulnerability affecting NetScaler ADC and NetScaler Gateway appliances.

Authentication 78

Authentication Data breaches Passwords Firmware 78

Malwarebytes

MAY 19, 2022

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory (CSA) about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities.

Authentication 98

Authentication Engineering Internet Internet 98

Security Boulevard

MAY 10, 2023

Are we really making the best use of our resources by scrambling to patch every new vulnerability that emerges, or should we be reallocating some of those resources to focus on proactive post-exploitation behavioral […] The post The Power Shift: Prioritizing Behavioral Threat Hunting Over Panic Patching appeared first on Cyborg Security.

CISO 61

CISO Cybersecurity 61

Security Affairs

DECEMBER 13, 2022

Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. The advisory points out that there are no workarounds for this vulnerability.

Authentication 131

Authentication Hacking Technology Cybersecurity 131

Security Affairs

APRIL 2, 2024

The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10. Stable ) and to hunt for any malicious. Binarly has created a free scanning tool to help the industry mitigate the threat, the company pointed out that the detection method they use has close to zero false positive rates.

Firmware 121

Firmware Authentication Engineering Hacking 121

CSO Magazine

MARCH 2, 2021

There’s no doubt that threat hunting is a valuable strategy when shifting your security team from reactive to proactive. I’ve outlined five techniques to establishing a solid threat hunting plan. Many organizations, however, are stretched thin and stuck operating in reactive mode. Not sure where to start?

Risk 101

Risk 101

Security Boulevard

JANUARY 10, 2022

Emerging threats posed many challenges to security professionals and created many opportunities for threat actors. Picus has curated a list of the top five threats observed in 2021, detailing ten lessons defenders can learn from them. . Microsoft Exchange Server Vulnerabilities. Vulnerability Type. CVSS Score.

Cyber threats 141

Cyber threats Ransomware Risk Architecture 141

Security Affairs

AUGUST 6, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Malware 90

Malware Cybercrime Cryptocurrency Social Engineering 90

Security Affairs

MAY 2, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router.

Education 96

Education Media Cybersecurity Hacking 96

Daniel Miessler

MARCH 24, 2021

Where one “should” be in this hierarchy depends on your threat model. Where one “should” be in this hierarchy depends on your threat model. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this. Jamieson for making the suggestion to show what each rank is vulnerable to.

Authentication 363

Authentication Passwords Internet Internet 363

CSO Magazine

MAY 3, 2021

Threat hunting isn't just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm their way into the enterprise.

Cybersecurity 114

Cybersecurity 114

Security Affairs

NOVEMBER 26, 2021

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. The identified vulnerability enables Remote Code Execution (RCE) which grants the ability to takeover of the device and then use it for malicious purposes, as well as to steal sensitive data too.

IoT 143

IoT Wireless DDOS VPN 143

Security Affairs

APRIL 25, 2023

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451 ) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)

DDOS 97

DDOS Engineering Firmware Architecture 97

The Last Watchdog

AUGUST 4, 2021

SMBs must continually come up with cool new apps to stay competitive; it’s no surprise that this is also where threat actors are focusing their attention. Criminal hacking rings are carrying out big sweeps , 24X7, hunting for well-known application vulnerabilities that they can manipulate to breach company networks.

Mobile 214

Mobile Marketing Digital transformation Risk 214

CyberSecurity Insiders

MAY 21, 2023

Whether you’re passionate about securing networks, protecting data, or investigating cyber threats, choosing the right research topic is crucial for a successful and impactful Master’s journey. IoT Security: Examine the vulnerabilities and challenges associated with securing the Internet of Things (IoT) devices and networks.

Cybersecurity 91

Cybersecurity Cyber threats IoT Artificial Intelligence 91

The Last Watchdog

DECEMBER 26, 2018

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses. Related podcast: The re-emergence of SIEMs.

Penetration Testing 143

Penetration Testing Technology Software Antivirus 143

CyberSecurity Insiders

NOVEMBER 14, 2022

Well, unconfirmed reports state that the entire database owned by the Microsoft Regional Director Troy Hunt was hacked by cyber criminals through an unknown vulnerability. Wait, the threat doesn’t end here! But what if the platform itself gets infiltrated and leaks the whole of its database to cyber crooks?

Cyber Attacks 131

Cyber Attacks Data breaches Hacking Media 131

SecureWorld News

DECEMBER 15, 2022

IT and cybersecurity companies Citrix and Fortinet have announced security updates to patch Zero-Day vulnerabilities that were actively exploited by threat actors. The following supported versions of Citrix ADC and Gateway are affected by this vulnerability: Citrix ADC and Citrix Gateway 13.0 Citrix ADC 12.1-FIPS FIPS before 12.1-55.291.

VPN 76

VPN Ransomware Authentication Cybersecurity 76

Jane Frankland

JANUARY 9, 2024

In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. They include monitoring for potential threats and incidents, responding to confirmed breaches, and providing support for incident investigation processes.

Threat Detection 147

Threat Detection Technology Marketing Artificial Intelligence 147

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Malware 139

Malware Media Surveillance Encryption 139

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. ” reads the analysis published by Microsoft.

Malware 123

Malware Hacking Cybercrime Information Security 123

Jane Frankland

JANUARY 23, 2024

I wove in many data points, including some from Managed Threat Detection and Response firm, e2e-assure, who I’m partnering with, and their latest report, Rejuvenating Cyber Defence Strategies. Having begun by discussing the first core feature, technology, I then focused on the second core feature, contract terms. Core Feature #3.

Threat Detection 162

Threat Detection Risk Social Engineering Cybersecurity 162

Security Affairs

MAY 17, 2023

Searchlight Cyber researchers warn of threat actors that are offering on the dark web access to energy sector organizations. Dark web intelligence firm Searchlight Cyber published a report that analyzes how threat actors in the dark web prepare their malicious operations against energy organizations.

Energy and Utilities 97

Energy and Utilities Cybercrime Data collection VPN 97

eSecurity Planet

MAY 19, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix critical vulnerabilities in VMware products by Monday or remove the products from service. Multiple VMware products are affected by two new critical vulnerabilities that the company issued updates for yesterday.

Authentication 100

Authentication Internet Internet Accountability 100

Troy Hunt

DECEMBER 13, 2019

this is just complete and utter rubbish) Oh look, a kid's tracking watch with serious security vulnerabilities! this is such an alarmingly predictable trend now) Sponsored by: Whois XML API: The top domain WHOIS, DNS, IP and Threat Intelligence solution provider for MDR, SIEM, digital forensics, and threat hunting.

DNS 143

DNS 143

Security Affairs

JULY 6, 2023

Threat actors compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199. Joint advisory by @CISAgov , @FBI , @CISecurity 's MS-ISAC, & @cybercentre_ca reveals new variants exploiting #Netwrix Auditor vulnerability.

Malware 95

Malware Cyber threats Phishing Hacking 95