Recent Security News
-
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
January 19, 2024 at 11:57PM The U.S. CISA issued an emergency directive for Federal Civilian Executive Branch agencies to address actively exploited zero-day flaws in Ivanti Connect Secure and Policy Secure products. These vulnerabilities allow threat actors to execute commands and are being exploited, necessitating immediate mitigation. Ivanti is expected to release an update next…
-
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware
January 19, 2024 at 10:03PM TA866, a threat actor, has returned after a hiatus, launching a large phishing campaign to distribute malware such as WasabiSeed and Screenshotter. The campaign targeted North America with PDFs containing OneDrive URLs that initiate a multi-step infection chain. Other actors, such as TA571, are involved in spam email campaigns to…
-
Microsoft Says Russian Gov Hackers Stole Email Data from Senior Execs
January 19, 2024 at 07:54PM Russian government-backed hackers infiltrated Microsoft’s network, accessing senior executives’ emails and attachments in cybersecurity and legal departments. Microsoft’s security team detected the attack in January 2024, tracing it back to November 2023. The intrusion did not exploit vulnerabilities in Microsoft’s products or access customer environments. The company will notify customers…
-
CISA Issues Emergency Directive on Ivanti Zero-Days
January 19, 2024 at 07:54PM CISA is pressuring organizations to urgently address critical vulnerabilities in Ivanti Connect Secure VPN. Agencies must apply available mitigations, remove compromised products, and report infected devices. This follows a Chinese government-backed hacking team exploiting the vulnerabilities. The company has released pre-patch mitigations, with comprehensive fixes set to begin rollout on…
-
Protecting Your Network Security from Ivanti Zero-Day Threat
January 19, 2024 at 07:49PM The Ivanti Zero-Day vulnerability poses significant real-world impacts, with the need for immediate action to mitigate its effects. The broader concern lies in the pervasive vulnerability of VPNs. An alternative approach, such as Trend Microâ„¢ Zero Trust Secure Access, offers a promising solution to prevent vulnerabilities from escalating into major…