Enlarge Getty Images Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday. Ivanti reported bare-bones details concerning the zero-days in posts published on Wednesday that urged […]
By: Dylan Duncan Threat actors are using employee’s annual responsibilities like open enrollment, 401k updates, salary adjustments, and even employee satisfaction surveys as lures to steal credentials. Most of these responsibilities tend to fall towards the end of the year, which is subjective to the calendar the employer uses. Employees typically expect, and in some […]
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated around […]
The vulnerability, found in the software’s web-based management interface, allows attackers to execute commands on the underlying operating system by uploading arbitrary files.
Jan 11, 2024NewsroomOnline Security / Cryptocurrency The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing the hack to a drainer-as-a-service (DaaS) group. “Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were […]
Jan 11, 2024NewsroomCybersecurity / Zero-Day A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, […]
Jan 11, 2024NewsroomVulnerability / Patch Management Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is […]
The cybersecurity sector recorded 346 funding rounds and 91 mergers and acquisition (M&A) transactions in 2023, according to cyber recruitment firm Pinpoint Search Group. This equals 437 cyber deals in total and a 40% increase from 2022, which saw 303 deals signed in the sector. However, the overall cyber investment raised in 2023 only amounted […]
Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management Post-Breach List of Affected Individuals Growing; More Lawsuits Filed Marianne Kolbasuk McGee (HealthInfoSec) • January 9, 2024 Breach reports and lawsuits continue to pile up in some major health data hacks first reported months ago. (Image: Getty) Fallout is mounting, and new […]