Recent Security News
-
Securing Application Staging & Production Environments
January 11, 2024 at 03:19AM The text emphasizes the importance of securing staging environments to protect sensitive data and minimize security risks. It highlights the need for environmental parity, authentication mechanisms, VPNs, WAFs, and Identity-Aware Proxy for enhanced protection. The goal is to ensure smooth and predictable deployments while preserving asset security and integrity. After…
-
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days
January 10, 2024 at 08:03PM Volexity warned of Chinese hackers exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure VPN. It affected fully patched appliances, with pre-patch mitigations provided. The attackers used these exploits to execute commands, steal data, and gain access to network systems. Volexity discovered and described the attacker’s methods. From the…
-
ExtraHop Banks $100M in Growth Funding, Adds New Execs
January 10, 2024 at 08:03PM Seattle-based network detection and response firm ExtraHop raises $100 million in growth funding and expands its executive team. Source: SecurityWeek. Based on the meeting notes, it seems that the Seattle network detection and response firm, ExtraHop, has successfully secured $100 million in growth funding. Additionally, the firm has added new…
-
French Computer Hacker Jailed in US
January 10, 2024 at 08:03PM French hacker Sebastien Raoult, a member of the ShinyHunters gang, was jailed in the US for creating fake login pages to steal personal and financial data from millions. The 22-year-old was motivated by greed and pleaded guilty to conspiracy to commit wire fraud and identity theft. He received a three-year…
-
Attacker Targets Hadoop YARN, Flint Servers in Stealthy Campaign
January 10, 2024 at 06:26PM Adversary exploiting two known misconfigurations in big data technologies to deploy Monero cryptominer. Based on the meeting notes, the key takeaways are: – The adversary is taking advantage of two known misconfigurations in big data technologies – The purpose of this exploitation is to deploy a Monero cryptominer Full Article