Cybersecurity
Category Added in a WPeMatico Campaign
Jan 24, 2024NewsroomCloud Security / Kubernetes Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters […]
Ransomware In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware. By: Emmanuel Panopio, Christian Jason Geollegue, Julius Keith Estrellado, Christian Alpuerto, Shawn Austin Santos, Emmanuel Roll, Rhio Manaog, Gerald Fernandez, […]
Jan 24, 2024The Hacker NewsSaaS Security / Endpoint Security In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional […]
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows “threat actors to terminate antivirus processes and services for the deployment of […]
For those concerned, the Trello leak has been added to the Have I Been Pwned data breach notification service, allowing anyone to check if they are among the 15 million leaked email addresses.
Compromised Ivanti Connect Secure IPs Last Friday, CISA issued Emergency Directive 24-01 mandating all Federal Civilian Executive Branch (FCEB) agencies to address two actively exploited vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. These vulnerabilities, CVE-2023-46805 (an authentication bypass vulnerability) and CVE-2024-21887 (a command-injection vulnerability), when exploited in combination, allow malicious actors to achieve […]
Jan 24, 2024NewsroomVulnerability / Endpoint Security A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. “Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows […]
Jan 24, 2024The Hacker NewsVulnerability / Software Security In a world where more & more organizations are adopting open-source components as foundational blocks in their application’s infrastructure, it’s difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that – shortens […]
Jan 24, 2024NewsroomCryptocurrency / Cybercrime Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as […]