Internet Security

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

April 19, 2024 add comment
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one... Read more »

FBI chief says China is preparing to attack US critical infrastructure

April 19, 2024 add comment
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher Wray. FBI Director Christopher Wray warned this week that China-linked threat actors are preparing... Read more »

United Nations Development Programme (UNDP) investigates data breach

April 19, 2024 add comment
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) is investigating... Read more »

FIN7 targeted a large U.S. carmaker phishing attacks

April 18, 2024 add comment
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor... Read more »

Law enforcement operation dismantled phishing-as-a-service platform LabHost

April 18, 2024 add comment
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the... Read more »

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

April 18, 2024 add comment
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022. WithSecure researchers identified a new backdoor named Kapeka that has been used in... Read more »

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

April 18, 2024 add comment
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability... Read more »

Linux variant of Cerber ransomware targets Atlassian servers

April 17, 2024 add comment
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security... Read more »

Ivanti fixed two critical flaws in its Avalanche MDM

April 17, 2024 add comment
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche mobile device... Read more »

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

April 17, 2024 add comment
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in... Read more »
Subscribe to our Newsletter