Recent Security News
-
CISA Issues Emergency Directive on Ivanti Zero-Days
January 19, 2024 at 07:54PM CISA is pressuring organizations to urgently address critical vulnerabilities in Ivanti Connect Secure VPN. Agencies must apply available mitigations, remove compromised products, and report infected devices. This follows a Chinese government-backed hacking team exploiting the vulnerabilities. The company has released pre-patch mitigations, with comprehensive fixes set to begin rollout on…
-
Protecting Your Network Security from Ivanti Zero-Day Threat
January 19, 2024 at 07:49PM The Ivanti Zero-Day vulnerability poses significant real-world impacts, with the need for immediate action to mitigate its effects. The broader concern lies in the pervasive vulnerability of VPNs. An alternative approach, such as Trend Microâ„¢ Zero Trust Secure Access, offers a promising solution to prevent vulnerabilities from escalating into major…
-
Russian hackers stole Microsoft corporate emails in month-long breach
January 19, 2024 at 07:23PM Microsoft disclosed a breach in corporate email accounts, with data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The attack was detected on January 12th, and it was found that Nobelium accessed the accounts through a password spray attack in November 2023. The investigation is ongoing, and Microsoft is…
-
Russians invade Microsoft’s exec mail while China jabs at VMware vCenter Server
January 19, 2024 at 07:15PM Chinese cyberspies have been exploiting a VMware security vulnerability, CVE-2023-34048, allowing them to hijack vulnerable servers. Meanwhile, a Moscow-backed group breached a small percentage of Microsoft corporate email accounts. Additionally, CISA issued an emergency directive to mitigate Ivanti Connect Secure zero-days, likely targeted by Chinese nation-state attackers. Persistent concerns exist…
-
Russian hackers breached Microsoft to steal corporate emails
January 19, 2024 at 07:08PM Microsoft confirmed a breach of corporate email accounts by Russian state-sponsored group Midnight Blizzard. The attack, detected on January 12th, 2023, was initiated via a password spray attack in November 2023. Access was gained to leadership team and legal department emails for over a month, enabling theft of emails and…