#NetworkReconnaissance

Hackers breach healthcare orgs via ScreenConnect remote access

by

November 10, 2023 at 02:59PM Hackers have been targeting healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. The attacks involve installing additional remote access tools to ensure persistent access to the environments. The attacks were observed between October 28 and November 8, 2023, and the same actor is behind all incidents. … Read more

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

by

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. … Read more