New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products

November 27, 2024 at 04:59AM Researchers from AmberWolf revealed a new attack method targeting corporate VPN clients, exposing vulnerabilities in widely used software like Palo Alto Networks and SonicWall. They published NachoVPN, an open-source tool to demonstrate these exploits. While patches exist, exploitation requires users to connect to rogue servers, often via social engineering.

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

October 10, 2024 at 09:39AM The US CISA has added vulnerabilities in Fortinet and Ivanti products to its Known Exploited Vulnerabilities catalog. Fortinet’s critical CVE-2024-23113 affects multiple products, allowing remote code execution. Ivanti faces issues with CVE-2024-9379 and CVE-2024-9380 related to its Cloud Services Application, prompting security recommendations for users.

Ransomware gang Trinity joins pile of scumbags targeting healthcare

October 9, 2024 at 09:49AM The Trinity ransomware gang has targeted at least one US healthcare provider, likely Rocky Mountain Gastroenterology, which experienced a data breach. The HHS issued a security advisory highlighting Trinity’s sophisticated double extortion tactics. Organizations are urged to enhance cybersecurity measures, including MFA and secure backups, to prevent attacks.

Black Basta-Linked Attackers Target Users with SystemBC Malware

August 14, 2024 at 02:15PM An ongoing social engineering campaign linked to the Black Basta ransomware group involves multiple intrusion attempts aiming at credential theft and deploying the SystemBC malware dropper. Threat actors use tactics such as email bombing, phone calls, and fake solutions to persuade users to download legitimate remote access software for deploying …

TeamViewer’s corporate network was breached in alleged APT hack

June 27, 2024 at 02:35PM TeamViewer disclosed a breach in its corporate IT environment due to an APT hacking group. They are working with global cybersecurity experts to investigate and address the irregularity. Although there’s no evidence of product or customer data compromise, the breach raises concerns due to TeamViewer’s extensive use in consumer and …

Windows Quick Assist Anchors Black Basta Ransomware Gambit

May 16, 2024 at 09:38AM Microsoft Threat Intelligence revealed that a financially motivated threat actor, Storm-1811, is conducting a vishing campaign using Quick Assist for remote access, posing as trusted contacts. The attacker delivers Black Basta ransomware and additional malware through various means, emphasizing the need for vigilance and user education to combat social engineering …

Cisco Patches High-Severity Vulnerabilities in VPN Product

March 7, 2024 at 09:34AM Cisco announced patches for two high-severity vulnerabilities in the Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple …