Zscaler takes “test environment” offline after rumors of a breach

May 8, 2024 at 08:37PM Zscaler discovered a breached “test” environment, after rumors surfaced of a threat actor selling access to the company’s systems. Zscaler confirmed the test environment was not linked to their infrastructure and took it offline for analysis, assuring no impact on their customer or production environments. The incident was associated with …

Zscaler takes “test environment” offline after rumors of breach

May 8, 2024 at 08:29PM Zscaler found and secured an exposed “test environment” after rumors of a potential breach circulated. The company stated that no customer or production environments were compromised and emphasized that its investigation is ongoing. IntelBroker claimed they had access to a cybersecurity company, potentially Zscaler, leading to speculation and concerns. Zscaler did not respond …

Zscaler says it was not hacked after rumors circulate online

May 8, 2024 at 07:37PM Zscaler denies the rumors of a breach after a threat actor claimed to be selling access to a cybersecurity company. The company stated that its ongoing investigation has found no evidence of a breach and that it prioritizes the security of its customer and production environments. Additionally, a Zscaler employee urged caution in spreading …

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

May 6, 2024 at 10:05AM A cyber espionage campaign dubbed ArcaneDoor, possibly linked to China, targeted perimeter network devices from various vendors. The attacks involved deploying custom malware and exploiting flaws in Cisco devices. The threat actor’s interest in Microsoft Exchange servers and other vendor devices suggests Chinese involvement. Additionally, a malware known as …

Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

May 4, 2024 at 05:30AM Czechia and Germany were targeted by a long-term cyber espionage campaign by Russia-linked APT28, which exploited a security flaw in Microsoft Outlook. The attack compromised email accounts and targeted various industry verticals. The European Union, NATO, U.K., and U.S. condemned the cyber campaign. Additionally, there were reports of DDoS attacks and …

ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China

May 3, 2024 at 09:10AM The cyberespionage campaign ArcaneDoor, targeting government networks with hacked Cisco firewalls, is likely operated by a Chinese state-sponsored threat actor. Exploiting two zero-day vulnerabilities, the attackers used custom malware to execute commands and exfiltrate data. Censys research supports the connection to China, citing IP addresses and the presence of Chinese-developed …

Attackers Planted Millions of Imageless Repositories on Docker Hub

April 30, 2024 at 05:02PM Docker removed 3 million imageless public repositories from Docker Hub following a discovery by JFrog researchers. The repositories were found to contain links to malicious websites. JFrog highlighted the need for increased moderation on the platform. The attackers exploited a policy loophole that allowed them to include links in description …

Palo Alto Updates Remediation for Max-Critical Firewall Bug

April 26, 2024 at 04:05PM Palo Alto Networks shared an important update on a critical vulnerability (CVE-2024-3400) with a severity score of 10/10. Exploitable on PAN-OS 10.2, 11.0, and 11.1, the flaw allows unauthenticated threat actors to execute arbitrary code. PAN recommends upgrading to fixed PAN-OS versions and taking specific actions based on suspected activity for …

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

April 26, 2024 at 07:00AM Palo Alto Networks has issued guidance for mitigating a critical security flaw in PAN-OS, identified as CVE-2024-3400, which allows unauthenticated remote command execution. The flaw has been actively exploited as a zero-day by a potentially state-backed hacking group. Remediation advice varies depending on the level of compromise, including updating to …

Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

April 25, 2024 at 12:06PM A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any …