Cybersecurity

Category Added in a WPeMatico Campaign

Cybersecurity

The Mass Exploitation of Ivanti Connect Secure

Compromised Ivanti Connect Secure IPs Last Friday, CISA issued Emergency Directive 24-01 mandating all Federal Civilian Executive Branch (FCEB) agencies to address two actively exploited vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. These vulnerabilities, CVE-2023-46805 (an authentication bypass vulnerability) and CVE-2024-21887 (a command-injection vulnerability), when exploited in combination, allow malicious actors to achieve […]

Cybersecurity

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

Jan 24, 2024NewsroomVulnerability / Endpoint Security A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. “Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows […]

Cybersecurity

The Unknown Risks of The Software Supply Chain: A Deep-Dive

Jan 24, 2024The Hacker NewsVulnerability / Software Security In a world where more & more organizations are adopting open-source components as foundational blocks in their application’s infrastructure, it’s difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that – shortens […]

Cybersecurity

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Jan 24, 2024NewsroomCryptocurrency / Cybercrime Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as […]

Cybersecurity

Threat Assessment: BianLian

This post is also available in: 日本語 (Japanese) Executive Summary Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. From that leak site data, we’ve primarily observed activity affecting the healthcare and manufacturing sectors and […]

Cybersecurity

LoanDepot says 16.6M customers had ‘sensitive personal’ information stolen in cyberattack | TechCrunch

About 16.6 million LoanDepot customers had their “sensitive personal” information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as a ransomware attack. The loan company said in a filing with federal regulators on Monday that it would notify the affected customers of the data breach. LoanDepot did not […]