#Exfiltration

DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

by

September 5, 2024 at 07:12AM Multiple threat groups have exploited two old vulnerabilities in DrayTek VigorConnect management software to target organizations worldwide. The flaws allow attackers to download arbitrary files with root privileges. Exploitation attempts spiked in August, prompting CISA to add the vulnerabilities to its KEV catalog. The attacks seem broad and not targeting … Read more

Hackers Weaponize SEC Disclosure Rules Against Corporate Targets

by

November 17, 2023 at 05:44PM Ransomware group ALPHV, also known as “BlackCat,” has filed a complaint with the US Securities and Exchange Commission (SEC), accusing a recent victim of non-compliance with new disclosure regulations. ALPHV attacked digital lending service provider MeridianLink, stole and leaked data, and then reported the breach to the SEC, claiming the … Read more