CISA’s OT Attack Response Team Understaffed: GAO

March 12, 2024 at 09:51AM The US Government Accountability Office conducted a study on CISA’s operational technology (OT) cybersecurity products and found some teams were understaffed. While CISA offers various security products and guidance, the GAO report identified staffing issues impacting incident response and architecture design reviews. CISA is urged to improve workforce planning. SecurityWeek’s … Read more

Ivanti Breach Prompts CISA to Take Systems Offline

March 11, 2024 at 05:40PM CISA officials reported a breach by threat actors who exploited Ivanti product vulnerabilities in February. Suspicious activity was discovered in two systems, the Infrastructure Protection Gateway and Chemical Security Assessment Tool, prompting CISA to recommend reviewing its advisory on three Ivanti vulnerabilities. The incident also exposed the failure of Ivanti … Read more

Critical Vulnerability Allows Access to QNAP NAS Devices

March 11, 2024 at 10:03AM Over the weekend, Taiwan-based QNAP Systems announced patches for critical vulnerabilities in several products, including QTS, QuTS hero, and QuTScloud. The most serious of the flaws could allow unauthenticated access to network-attached storage (NAS) devices: CVE-2024-21899 is rated high severity, while CVE-2024-21900 and CVE-2024-21901 are rated medium because exploiting them requires authentication. QNAP also … Read more

Japan Blames North Korea for PyPI Supply Chain Cyberattack

March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in … Read more

QEMU Emulator Exploited as Tunneling Tool to Breach Company Network

March 8, 2024 at 03:45AM Threat actors are using the QEMU open-source hardware emulator for tunneling during cyber attacks, marking the first known use of QEMU for this purpose. Kaspersky researchers found that the attackers used QEMU's virtual network interfaces to relay traffic between a compromised host and a remote server. This tactic demonstrates the evolving strategies of threat actors to blend … Read more

Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

March 7, 2024 at 09:21AM Threat actors are injecting malicious JavaScript into compromised WordPress sites so that visitors' browsers carry out distributed brute-force attacks against other WordPress sites in an attempt to gain unauthorized access. This shift from crypto drainers to brute-force attacks may be driven by profit motives, as compromised sites can be monetized in various ways. Prior attacks have exploited vulnerabilities in WordPress … Read more

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

March 7, 2024 at 06:27AM Earlier this week, JetBrains announced patches for two vulnerabilities in TeamCity, one of them critical; exploitation attempts began almost immediately after the details were published, following a disagreement over disclosure between Rapid7 and JetBrains. Rapid7 published the details to prevent silent patching, while JetBrains wanted customers to install the patches first. Exploitation attempts were seen from numerous IPs, highlighting the urgency of … Read more

Hacked WordPress sites use visitors’ browsers to hack other sites

March 6, 2024 at 05:40PM Hackers have been targeting WordPress sites in large-scale attacks, initially using crypto wallet drainer scripts to steal cryptocurrency. More recently, they have switched to injecting malicious scripts that force visitors' browsers to conduct brute-force attacks on other websites. The threat actor's goal seems to be building a larger portfolio of … Read more
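The two WordPress items above describe the same campaign, and what makes it hard to spot on the receiving end is that every hijacked browser contributes only a few login attempts, so per-IP rate limits never trigger. The detection below, an added example rather than the researchers' code or the injected script, buckets POSTs to the WordPress login and XML-RPC endpoints into fixed windows and alerts when one window carries many attempts from many distinct sources. The endpoint list and thresholds are assumptions, and the access-log lines are constructed, not captured.

```python
"""Flag distributed password guessing against WordPress login endpoints in an access log.

Added example for this digest; it is not code from the researchers or from the
injected script. The endpoint list and thresholds are assumptions; the log
lines are constructed, not captured.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: password guessing against WordPress hits the login form or the XML-RPC endpoint.
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_log_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def detect_distributed_bruteforce(log_text, window_seconds=60, min_requests=20, min_distinct_ips=10):
    """Bucket login POSTs into fixed windows; alert when a window holds many requests from many IPs.

    Per-IP thresholds miss this pattern because each hijacked browser sends only a few attempts;
    the tell is the number of distinct sources converging on the same endpoint at the same time.
    """
    buckets = defaultdict(lambda: {"requests": 0, "ips": set(), "paths": defaultdict(int)})
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_ENDPOINTS:
            continue
        epoch = int(rec["ts"].timestamp())
        start = epoch - epoch % window_seconds
        b = buckets[start]
        b["requests"] += 1
        b["ips"].add(rec["ip"])
        b["paths"][rec["path"]] += 1
    alerts = []
    for start in sorted(buckets):
        b = buckets[start]
        if b["requests"] >= min_requests and len(b["ips"]) >= min_distinct_ips:
            alerts.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
                "requests": b["requests"],
                "distinct_ips": len(b["ips"]),
                "paths": dict(b["paths"]),
            })
    return alerts


def _constructed_log():
    """Build a sample log: light normal traffic, then a ~30 s burst of POSTs to /xmlrpc.php from 15 hosts."""
    base = datetime(2024, 3, 6, 17, 0, 0, tzinfo=timezone.utc)
    fmt = lambda t: t.strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [
        f'198.51.100.5 - - [{fmt(base)}] "GET / HTTP/1.1" 200 5120',
        f'198.51.100.5 - - [{fmt(base + timedelta(seconds=12))}] "POST /wp-login.php HTTP/1.1" 302 0',
        f'198.51.100.7 - - [{fmt(base + timedelta(seconds=30))}] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 880',
    ]
    burst = base + timedelta(minutes=5)
    for i in range(30):
        ip = f"203.0.113.{i % 15 + 1}"  # TEST-NET-3 addresses, two attempts per hijacked browser
        t = burst + timedelta(seconds=i + (i % 3))
        lines.append(f'{ip} - - [{fmt(t)}] "POST /xmlrpc.php HTTP/1.1" 200 403')
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for alert in detect_distributed_bruteforce(SAMPLE_LOG):
        print(alert)
```

Fixed windows are simple and cheap but can split one burst across a boundary; a sliding window over the sorted events catches that at the cost of a little more code. On the same data, the legitimate single login at 17:00 never comes close to the thresholds.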

Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

March 5, 2024 at 11:50AM Malicious actors used QEMU to establish a covert network tunnel in a cyberattack on a large company. This unusual case demonstrates the diverse methods attackers use to evade detection. Kaspersky analysts discovered the attack and emphasized the need for multi-level protection, including 24/7 network monitoring, to defend … Read more
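Both QEMU items above turn on the same abuse: QEMU is launched not to run a guest but to move packets, which shows up in the command line. The following scorer, an added example that is not Kaspersky's detection logic, inspects process-creation records for QEMU launches whose network configuration points at a remote endpoint while the "VM" has no disk or kernel and almost no memory. The indicators are assumptions drawn from how QEMU's documented options work: a '-netdev socket' backend with connect= or listen= joins the guest network to a TCP peer, 'hubport' entries bridge netdevs together, and '-m' sets guest RAM. The process-creation records are constructed, not captured.

```python
"""Score QEMU command lines for use as a network tunnel rather than as a VM.

Added example for this digest, not Kaspersky's detection logic. Indicators are
assumptions based on QEMU's documented options: '-netdev socket,connect=...'
joins the guest network to a remote TCP endpoint, 'hubport' bridges netdevs,
and a guest with no boot media and a few MiB of RAM has nothing to run but can
still forward packets. The records in SAMPLE_EVENTS are constructed.
"""
import re
import shlex

QEMU_BIN_RE = re.compile(r"qemu-system-[a-z0-9_]+(\.exe)?$", re.IGNORECASE)
BOOT_MEDIA_OPTS = {"-hda", "-hdb", "-hdc", "-hdd", "-drive", "-cdrom", "-blockdev",
                   "-kernel", "-initrd", "-pflash"}


def parse_mem_mb(value):
    """Convert a QEMU -m value ('1M', '512', '2G', 'size=1G,slots=2') to MiB; QEMU's default unit is MiB."""
    value = value.split(",", 1)[0]
    if value.startswith("size="):
        value = value[5:]
    m = re.fullmatch(r"(\d+)([kKmMgG]?)", value)
    if not m:
        return None
    n, unit = int(m.group(1)), m.group(2).lower()
    return {"k": n / 1024, "": n, "m": n, "g": n * 1024}[unit]


def parse_netdev(spec):
    """Split 'socket,id=sock,connect=203.0.113.10:443' into (backend, {option: value})."""
    parts = spec.split(",")
    opts = {}
    for kv in parts[1:]:
        k, _, v = kv.partition("=")
        opts[k] = v
    return parts[0], opts


def qemu_tunnel_indicators(cmdline):
    """Return which tunnel indicators a command line shows and a verdict."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslash paths intact
    result = {"is_qemu": False, "indicators": [], "suspicious": False}
    if not argv or not QEMU_BIN_RE.search(re.split(r"[\\/]", argv[0].strip('"'))[-1]):
        return result
    result["is_qemu"] = True
    ind = result["indicators"]
    flags = set(argv[1:])
    netdevs = [parse_netdev(argv[i + 1]) for i, a in enumerate(argv[:-1]) if a == "-netdev"]
    backends = [b for b, _ in netdevs]
    if any(b == "socket" and ("connect" in o or "listen" in o) for b, o in netdevs):
        ind.append("socket_netdev")       # guest network wired to a TCP peer
    if "hubport" in backends and "socket" in backends and "user" in backends:
        ind.append("hub_bridge")          # user-mode NAT stack bridged to the socket: a relay, not a guest NIC
    if not flags & BOOT_MEDIA_OPTS:
        ind.append("no_bootable_media")   # nothing for the guest to boot
    mem = next((parse_mem_mb(argv[i + 1]) for i, a in enumerate(argv[:-1]) if a == "-m"), None)
    if mem is not None and mem <= 16:
        ind.append("tiny_memory")         # far too little RAM for any real guest
    if "-nographic" in flags:
        ind.append("headless")
    result["suspicious"] = "socket_netdev" in ind and ("no_bootable_media" in ind or "tiny_memory" in ind)
    return result


# Constructed process-creation records (assumption: host and command line from an EDR-style event).
SAMPLE_EVENTS = [
    {"host": "build-01", "cmdline": "qemu-system-x86_64 -m 2048 -hda /var/lib/vm/ubuntu.qcow2 "
                                    "-netdev user,id=n0,hostfwd=tcp::2222-:22 -device e1000,netdev=n0"},
    {"host": "ws-117", "cmdline": "C:\\Tools\\qemu-system-i386.exe -m 1M -netdev user,id=lan,restrict=off "
                                  "-netdev socket,id=sock,connect=203.0.113.10:443 "
                                  "-netdev hubport,id=port-lan,hubid=0,netdev=lan "
                                  "-netdev hubport,id=port-sock,hubid=0,netdev=sock -nographic"},
    {"host": "lab-02", "cmdline": "qemu-system-x86_64 -m 4096 -drive file=/srv/vm/node.img,format=raw "
                                  "-netdev socket,id=n1,connect=127.0.0.1:1234 -device virtio-net,netdev=n1"},
    {"host": "ws-118", "cmdline": "notepad.exe C:\\notes.txt"},
]


def scan_events(events):
    """Return (host, indicators) for every QEMU launch that looks like a tunnel."""
    hits = []
    for ev in events:
        r = qemu_tunnel_indicators(ev["cmdline"])
        if r["suspicious"]:
            hits.append((ev["host"], r["indicators"]))
    return hits


if __name__ == "__main__":
    for host, indicators in scan_events(SAMPLE_EVENTS):
        print(host, indicators)
```

The verdict deliberately requires the socket backend plus evidence that no guest is meant to run, because socket-backed networking on its own is a legitimate way to link VMs (the lab-02 record). A hunting query built on the same idea would start from QEMU binaries on hosts that have no business running virtual machines at all.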

Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

March 5, 2024 at 06:45AM Group-IB findings show over 225,000 compromised OpenAI ChatGPT credentials up for sale on underground markets. The credentials were linked to LummaC2, Raccoon, and RedLine malware, with a 36% increase in infiltrated hosts between June and October 2023. Nation-state actors are using AI and large language models for cyber attacks, posing … Read more