Omdia Report: Trend Disclosed 60% of Vulnerabilities

June 25, 2024 at 08:14AM
The latest Omdia Vulnerability Report highlights Trend Micro™ Zero Day Initiative’s significant role in cybersecurity, spearheading 60% of 2023 disclosures. This underscores Trend’s comprehensive threat coverage, proactive risk mitigation, and trustworthiness. Leveraging Trend’s expertise can help organizations effectively manage attack surface risk and stay ahead of potential cyber threats. Based …

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM
Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries …

Edge Devices: The New Frontier for Mass Exploitation Attacks

June 14, 2024 at 10:27AM
The text discusses the increasing mass exploitation attacks targeting edge and infrastructure devices. It highlights the rise in criminal targeting, particularly through zero-day vulnerabilities, facilitated by the internet-facing nature of these devices. The research indicates a growing number of vulnerabilities in edge devices compared to non-edge devices, with high severity …

Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

May 23, 2024 at 07:22AM
Zero-day attacks and supply chain mass compromise events are on the rise, with inadequate use of MFA, according to Rapid7’s 2024 Attack Intelligence Report. The report highlights a growing number of zero-day exploits and mass compromise events, driven by growing sophistication of cybercriminals and potential non-disclosure of vulnerabilities by vendors. …

Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

April 25, 2024 at 12:06PM
A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any …

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

April 24, 2024 at 01:10PM
Cisco warns of state-backed hacking involving zero-day vulnerabilities in ASA and FTD firewalls used to infiltrate government networks globally. The cyber-espionage campaign, known as ArcaneDoor, targeted vulnerable edge devices since November 2023. Cisco discovered and fixed two zero-days – CVE-2024-20353 and CVE-2024-20359 – and urges customers to upgrade their devices …

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

April 22, 2024 at 08:00AM
MITRE Corporation was targeted by a nation-state cyber attack exploiting two zero-day flaws in Ivanti Connect Secure appliances, compromising the NERVE network. The attack bypassed multi-factor authentication and moved laterally to breach VMware infrastructure. MITRE contained the incident and attributed the attack to a nation-state actor, urging for improved cybersecurity …

Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing

April 19, 2024 at 10:49AM
VulnCheck, a startup focused on exploit intelligence, has successfully raised an $8 million seed-stage funding round led by Sorenson Ventures. The company, based in Lexington, Mass., aims to provide technology to prioritize vulnerabilities and offer an early-warning system for software exploitation activity. It differentiates itself through its delivery of machine-readable …

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

April 10, 2024 at 06:18AM
Microsoft’s April 2024 Patch Tuesday updates fix around 150 vulnerabilities, including two zero-day exploits. The first, CVE-2024-26234, involves a proxy driver spoofing flaw in Windows, reportedly linked to an Android app named LaiXi associated with a backdoor. Microsoft addressed this issue by adding relevant files to its driver revocation list. …

Google: Spyware vendors behind 50% of zero-days exploited in 2023

March 27, 2024 at 10:10AM
Google’s Threat Analysis Group and Mandiant reported a notable increase in zero-day vulnerabilities exploited in 2023, with 97 instances, mostly linked to spyware vendors and their clients. Enterprise and end-user platforms were targeted, with an increase in government-backed attacks and commercial surveillance vendors responsible for half of the exploits. Google …