Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

January 12, 2024 at 09:18AM Suspected nation-state actors exploited two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances, deploying multiple malware families to gain backdoor access to the devices. The attacks, attributed to a Chinese espionage actor, hit fewer than 10 customers and appear to be highly targeted. Patches are anticipated on January 22. Mandiant identified the … Read more

Cybercrooks play dress-up as ‘helpful’ researchers in latest ransomware ruse

January 10, 2024 at 12:07PM Ransomware victims are facing follow-on extortion attempts from a third party posing as a security researcher. Arctic Wolf Labs highlighted cases in which victims of the Royal and Akira gangs were extorted by an individual or group demanding a fee of 5 Bitcoin. The victims, US-based SMBs in finance and construction, did not pay … Read more

Free Decryptor Released for Black Basta and Babuk’s Tortilla Ransomware Victims

January 10, 2024 at 06:34AM Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware, enabling victims to recover their files. The firm also shared intelligence that led to the arrest of the threat actor behind it. Avast obtained the encryption key as well and updated its decryptor to cover all Tortilla victims. Meanwhile, Security Research Labs unveiled … Read more

CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe, D-Link, Joomla Under Attack

January 10, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a high-severity vulnerability in Apache Superset whose details were first reported in April 2023. CISA has set January 29, 2024, as the deadline for federal agencies to apply fixes for these bugs, to … Read more
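As an added example (not code from this page, from CISA, or from the article summarized above), the script below shows the check a defender usually wants after a KEV update: read the catalog feed, keep only entries whose vendor/product appear in a local asset inventory, and order them by CISA's remediation due date, with overdue items and entries flagged for known ransomware use first. The field names follow CISA's published KEV JSON schema; the records, the CVE-0000-* identifiers, the inventory and the as-of date are constructed placeholders, not real catalog entries.

```python
"""Triage CISA Known Exploited Vulnerabilities (KEV) entries against a
local asset inventory and order them by remediation due date.

Added example; not code from the page, from CISA, or from the article
it summarizes. Field names (cveID, vendorProject, product, dueDate,
knownRansomwareCampaignUse, ...) follow CISA's published KEV JSON schema.
The records, CVE IDs, inventory and as-of date below are CONSTRUCTED
placeholders, not real catalog entries.
"""
import json
from datetime import date

# Real feed location; this script does not fetch it, so it runs offline.
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# CONSTRUCTED stand-in for the feed. The CVE-0000-* IDs are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed KEV sample",
    "catalogVersion": "2024.01.10",
    "dateReleased": "2024-01-10T00:00:00.0000Z",
    "count": 5,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Apache", "product": "Superset",
         "vulnerabilityName": "placeholder", "dateAdded": "2024-01-08",
         "shortDescription": "constructed record", "requiredAction": "Apply vendor fixes.",
         "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "Adobe", "product": "ColdFusion",
         "vulnerabilityName": "placeholder", "dateAdded": "2024-01-08",
         "shortDescription": "constructed record", "requiredAction": "Apply vendor fixes.",
         "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Known", "notes": ""},
        {"cveID": "CVE-0000-0003", "vendorProject": "Example Corp", "product": "Widget Server",
         "vulnerabilityName": "placeholder", "dateAdded": "2023-11-29",
         "shortDescription": "constructed record", "requiredAction": "Apply vendor fixes.",
         "dueDate": "2023-12-20", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0004", "vendorProject": "D-Link", "product": "DSL-2750B",
         "vulnerabilityName": "placeholder", "dateAdded": "2024-01-08",
         "shortDescription": "constructed record", "requiredAction": "Apply vendor fixes.",
         "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0005", "vendorProject": "Joomla!", "product": "Joomla!",
         "vulnerabilityName": "placeholder", "dateAdded": "2024-01-08",
         "shortDescription": "constructed record", "requiredAction": "Apply vendor fixes.",
         "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Hypothetical inventory of (vendor, product) pairs this organisation runs.
# Matching is case- and whitespace-insensitive, so "apache"/"superset" matches.
INVENTORY = [("apache", "superset"), ("Adobe", "ColdFusion"), ("Example Corp", "Widget Server")]
AS_OF = date(2024, 1, 10)  # constructed "today" for the worked run


def load_kev(feed_text):
    """Parse the KEV feed JSON and return its 'vulnerabilities' list."""
    return json.loads(feed_text)["vulnerabilities"]


def _norm(s):
    """Lower-case and collapse whitespace so vendor/product names compare reliably."""
    return " ".join(s.lower().split())


def triage(entries, inventory, as_of):
    """Return inventory-matching KEV entries annotated with days until the
    CISA due date, ordered overdue first, then known ransomware use, then soonest due."""
    wanted = {(_norm(v), _norm(p)) for v, p in inventory}
    hits = []
    for e in entries:
        if (_norm(e["vendorProject"]), _norm(e["product"])) not in wanted:
            continue
        days_left = (date.fromisoformat(e["dueDate"]) - as_of).days
        hits.append({
            "cveID": e["cveID"],
            "vendorProject": e["vendorProject"],
            "product": e["product"],
            "dueDate": e["dueDate"],
            "daysLeft": days_left,
            "overdue": days_left < 0,
            "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
        })
    hits.sort(key=lambda h: (not h["overdue"], not h["ransomware"], h["daysLeft"]))
    return hits


def report(feed_text=SAMPLE_KEV_JSON, inventory=INVENTORY, as_of=AS_OF):
    """Convenience wrapper: triage the sample feed against the sample inventory."""
    return triage(load_kev(feed_text), inventory, as_of)


if __name__ == "__main__":
    for h in report():
        status = "OVERDUE" if h["overdue"] else f"{h['daysLeft']:>3}d left"
        rw = "  [known ransomware use]" if h["ransomware"] else ""
        print(f"{h['cveID']}  {h['vendorProject']}/{h['product']}  due {h['dueDate']}  {status}{rw}")
```

To run it against the live catalog, download the JSON from KEV_FEED_URL and pass its text to `report(feed_text=...)` with your own inventory and `date.today()`; the sort order puts the entries you are already late on at the top regardless of their nominal severity, which is the point of a due-date-driven catalog.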

Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity

January 9, 2024 at 10:12AM At Black Hat 2004, the founder of Red Cliff Consulting presented “The Evolution of Incident Response,” addressing challenges such as increasing attack complexity, evolving response methodologies, and the need for pre-incident preparation. Despite the technological advances since then, the core incident response principles remain the same, and issues like email, patching, and human error persist. Three … Read more

How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear-phishing response, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with the top use cases varying by industry. A standardized, data-driven, and extensible platform is key to successful security automation … Read more

Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security

January 4, 2024 at 05:40PM Industrial Defender has launched Industrial Defender Risk Signal, a risk-based vulnerability management (RBVM) solution tailored to industrial environments. The solution substantially trims vulnerability lists by ranking findings on risk, integrates threat intelligence, and allows a customizable risk tolerance. Industrial Defender is a provider of OT asset data and cybersecurity solutions with a mission to … Read more

Zeppelin ransomware source code sold for $500 on hacking forum

January 4, 2024 at 11:20AM A cybercriminal offered the Zeppelin ransomware source code and builder on a hacking forum for $500. Although questions were raised about its legitimacy, screenshots suggest it is genuine. The seller, ‘RET,’ claims to have cracked the builder so it runs without a license and intends to sell it to a single buyer. Security flaws in Zeppelin’s … Read more

Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

January 4, 2024 at 01:48AM Mandiant, a Google Cloud subsidiary, had its Twitter account compromised for over six hours by an unknown attacker who used it to promote a cryptocurrency scam; the account has since been restored. The attacker impersonated a crypto wallet service and posted scam messages about an airdrop. The details of the breach remain … Read more

Microsoft kills off Windows app installation from the web, again

January 3, 2024 at 07:07PM Microsoft has again disabled the ms-appinstaller URI scheme by default because threat actors have been abusing it to install malware. The scheme had previously been disabled and was re-enabled on August 5, 2022, for some enterprise customers, but its renewed abuse allowed attackers to bypass Microsoft’s security checks. Microsoft is revoking the abused code signing certificates and advising updates and policy changes (the protocol handler can be switched off with the EnableMSAppInstallerProtocol Group Policy setting Microsoft documents for App Installer) … Read more