August 20, 2024 at 07:18AM In August 2024, F5 released patches for nine vulnerabilities, including high-severity flaws in BIG-IP and NGINX Plus. The most severe issue, CVE-2024-39809, impacts BIG-IP Next Central Manager, allowing attackers to access systems after user logout. F5 also addressed CVE-2024-39778, CVE-2024-39792, and CVE-2024-41727, as well as five medium-severity flaws. Mitigation actions … Read more
June 5, 2024 at 08:00AM Mandiant’s new threat research revealed a resurgence in criminal extortion in 2023, with more ransomware investigations and a 75% increase in data leak site postings. The use of data exfiltration and breach-shaming in ransomware attacks is growing, with criminals exploring payment in Monero cryptocurrency. The report highlights evolving ransomware techniques … Read more
November 14, 2023 at 09:57AM The pro-Palestinian cyber espionage group, TA402, has developed a new tool called IronWind to target government agencies in the Middle East and North Africa. Despite the conflict in the region, TA402 continues to operate and has shown sophistication in its tactics. The group uses geofencing to limit attacks and has … Read more
November 7, 2023 at 10:03AM Security firm Jamf has discovered a new macOS malware called ObjCShellz that is believed to be used by North Korean hackers to target cryptocurrency exchanges. The malware, tracked as part of the RustBucket Campaign, allows attackers to deliver macOS instructions and collect responses while remaining undetected. Although the purpose of … Read more