CISA warns against using hacked Ivanti devices even after factory resets

February 29, 2024 at 03:40PM The U.S. Cybersecurity Agency (CISA) revealed that attackers breaching Ivanti appliances can maintain root persistence after factory resets. Four vulnerabilities allow evasion of Ivanti’s Integrity Checker Tool, with ratings from high to critical. CISA warned of compromised Ivanti devices’ significant risk and ordered federal agencies to disconnect and rebuild affected …

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

February 27, 2024 at 11:27AM Multiple threat actors are exploiting two recently resolved vulnerabilities in ConnectWise ScreenConnect. The flaws, tracked as CVE-2024-1709 and CVE-2024-1708, allow for authentication bypass and path traversal. ConnectWise has released patches and urged immediate updates to version 23.9.8. Trend Micro has observed various cybercrime groups exploiting the vulnerabilities for malware delivery …

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

February 27, 2024 at 05:45AM Cybersecurity researchers discovered a vulnerability in the Hugging Face Safetensors conversion service, allowing malicious actors to hijack models submitted by users and conduct supply chain attacks. The attack could compromise repositories, leading to the theft of tokens and potential backdoor implantation. Another recent vulnerability in GPGPUs allowed data recovery from …

New IDAT loader version uses steganography to push Remcos RAT

February 26, 2024 at 05:57PM The hacking group UAC-0184 utilized steganographic images to deploy the Remcos remote access trojan onto a Ukrainian entity in Finland. The group expanded to target organizations outside Ukraine. The attack involves phishing emails, a modular loader, and executing malware disguised in a PNG image. Details are available in the CERT-UA …

Seeing is Believing… and Securing

February 13, 2024 at 07:39AM Fitch Ratings reports a 178% increase in cyber insurance premium costs from 2017 to 2022, with a 51% rise in 2022. As insurers adjust pricing and clients bolster cybersecurity measures, costs are expected to stabilize. Lloyd’s of London and Munich Re emphasize the need for stronger security measures, outlining twelve …

Raspberry Robin malware evolves with early access to Windows exploits

February 10, 2024 at 10:17AM Recent versions of the Raspberry Robin malware use stealthy one-day exploits for vulnerabilities in software, before the fixes are widely deployed. The malware has evolved since its 2021 discovery and now employs new evasion and distribution methods. It has been observed targeting systems globally and using Discord for malicious file …

Ransomware Payments Surpassed $1 Billion in 2023: Analysis

February 9, 2024 at 04:09PM Ransomware payments soared in 2023, doubling compared to the previous year, exceeding $1 billion. Chainalysis found a total of $1.1 billion in cryptocurrency wallets used by cybercriminals to receive payments, a significant increase from $557 million in 2022. The report also highlighted an increase in ransomware attacks and the laundering …

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

February 8, 2024 at 06:14PM Fortinet warns of a critical remote code execution vulnerability (CVE-2024-21762/FG-IR-24-015) in FortiOS SSL VPN, with a 9.6 severity rating. Unpatched versions are affected, and recommended upgrades are provided. Those unable to patch can mitigate by disabling SSL VPN. Exploitation by threat actors is possible. Urgent device updates are advised due to high severity and possible …

‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info

February 8, 2024 at 11:40AM “Ov3r_Stealer” is a novel malware targeting Facebook users through job ads. It steals various data types including geolocation, passwords, and credit card information. The malware uses multiple execution methods and its origin involves complex communication channels and pseudonyms. As a modular tool, it can facilitate other malware and pose a …

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

February 7, 2024 at 07:57PM Fortinet warns of two unpatched patch bypasses, tracked as CVE-2024-23108 and CVE-2024-23109, for the critical remote code execution vulnerability in FortiSIEM. Originally considered duplicates, Fortinet now confirms they are valid variants of the original flaw, CVE-2023-34992. Upcoming FortiSIEM versions will address these vulnerabilities, so immediate upgrading is strongly recommended. Based …