Apr 13, 2024Newsroom Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work […]
Apr 13, 2024Newsroom Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work […]
Newly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
The threat actor group Magnet Goblin is rapidly exploiting newly disclosed vulnerabilities to target public-facing servers and edge devices, warned Check Point. The gang has been active since at least January 2022 and has used unpatched Ivanti Connect Secure VPN, Magento, Qlik Sense, and possibly Apache ActiveMQ servers to gain unauthorized access. Diving into details […]
The North Korean hacking group Kimsuky is using newly disclosed ScreenConnect vulnerabilities to deploy a polymorphic malware variant called ToddleShark for espionage and data theft.
Feb 14, 2024NewsroomZero-Day / Financial Sector Security A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of […]
The newly surfaced DragonForce ransomware gang has claimed responsibility for the attack, stating that they have encrypted devices and stolen data, including personal information of Ohio Lottery customers and employees.
The newly released Security and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber […]
A newly emerged ransomware gang, Hunters International, is resorting to morally questionable tactics by leaking patients’ pre-operation pictures in order to hasten ransom negotiations.
- 1
- 2