Iran’s ‘Cyber Centers’ Dodge Sanctions to Sell Cyber Operations

January 29, 2024 at 12:47PM Middle Eastern cybersecurity firms, connected to the Iranian government and its specialists, are implicated in cyber attacks on Western democracy, critical infrastructure, and financial institutions. The leaked data points to a network of contractors linked to Iran’s military and intelligence, with expectations of continued operations despite sanctions. Similar arrangements are seen in … Read more

Microsoft reveals how hackers breached its Exchange Online accounts

January 26, 2024 at 10:28AM Microsoft confirmed that the Russian hacking group Midnight Blizzard, linked to the Russian Foreign Intelligence Service, breached its systems in November 2023 and stole email from its leadership. The group gained access through a non-MFA-enabled test account and leveraged OAuth applications to access corporate mailboxes. Similar attacks targeting other organizations … Read more

Redefining Cybersecurity for a Comprehensive Security Posture

January 26, 2024 at 10:15AM Cybersecurity involves securing business infrastructure and endpoints from unauthorized access, with various specialized teams leading different aspects. The discipline of fraud prevention has further fragmented the landscape. Combining these disciplines under one umbrella is beneficial, offering a comprehensive cybersecurity posture, efficient resource utilization, reduced capital burn, and a unified response … Read more

Millions at Risk As ‘Parrot’ Web Server Compromises Take Flight

January 23, 2024 at 02:16PM Threat actors operating Parrot TDS have intensified their efforts to avoid detection and potentially target millions of people through compromised websites. Researchers from Unit 42 have been tracking this traffic redirect system, which injects malicious scripts into existing JavaScript code. The researchers have also provided mitigation strategies and indicators of … Read more

Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw

January 22, 2024 at 06:09PM A new wave of cyberattacks is targeting a critical remote code-execution vulnerability in Apache ActiveMQ, using the Godzilla Web shell to gain control. The vulnerability, CVE-2023-46604, affects multiple versions of ActiveMQ and allows for malicious port scanning, code injection, and other activities. Over 3,400 vulnerable servers have been identified, leading … Read more

Malicious web redirect scripts stealth up to hide on hacked sites

January 22, 2024 at 03:15PM Security researchers discovered the Parrot traffic direction system (TDS) to be rapidly evolving, enhancing its malicious capabilities. Targeting vulnerable WordPress and Joomla sites, it infects and redirects users to malicious locations, with 16,500 websites affected. The TDS operators sell the traffic to threat actors, who profile and redirect users to … Read more

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

January 22, 2024 at 07:18AM Cybersecurity researchers have uncovered a new Java-based information stealer, NS-STEALER, which uses a Discord bot to extract sensitive data from compromised systems. The malware disguises itself as cracked software within ZIP archives and exfiltrates data to a Discord Bot channel. The threat actors behind the Chaes malware have released an … Read more

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

January 19, 2024 at 11:57PM The U.S. CISA issued an emergency directive for Federal Civilian Executive Branch agencies to address actively exploited zero-day flaws in Ivanti Connect Secure and Policy Secure products. These vulnerabilities allow threat actors to execute commands and are being exploited, necessitating immediate mitigation. Ivanti is expected to release an update next … Read more

Protecting Your Network Security from Ivanti Zero-Day Threat

January 19, 2024 at 07:49PM The Ivanti Zero-Day vulnerability has significant real-world impacts, requiring immediate action to mitigate its effects. The broader concern lies in the pervasive vulnerability of VPNs. An alternative approach, such as Trend Micro™ Zero Trust Secure Access, offers a promising solution to prevent vulnerabilities from escalating into major … Read more

CISA emergency directive: Mitigate Ivanti zero-days immediately

January 19, 2024 at 02:30PM CISA issued an emergency directive to address widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws by threat actors. Federal agencies must immediately implement mitigation measures, report indications of compromise, and take action to restore impacted appliances. A threat monitoring service has detected compromised Ivanti appliances being used for … Read more