Internet Security

United Nations Development Programme (UNDP) investigates data breach

April 19, 2024 add comment
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) is investigating... Read more »

FIN7 targeted a large U.S. carmaker phishing attacks

April 18, 2024 add comment
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor... Read more »

Law enforcement operation dismantled phishing-as-a-service platform LabHost

April 18, 2024 add comment
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the... Read more »

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

April 18, 2024 add comment
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022. WithSecure researchers identified a new backdoor named Kapeka that has been used in... Read more »

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

April 18, 2024 add comment
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability... Read more »

Linux variant of Cerber ransomware targets Atlassian servers

April 17, 2024 add comment
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security... Read more »

Ivanti fixed two critical flaws in its Avalanche MDM

April 17, 2024 add comment
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche mobile device... Read more »

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

April 17, 2024 add comment
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in... Read more »

Cisco warns of large-scale brute-force attacks against VPN and SSH services

April 17, 2024 add comment
Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.   Cisco Talos researchers warn of large-scale... Read more »

PuTTY SSH Client flaw allows of private keys recovery

April 16, 2024 add comment
The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are... Read more »
Subscribe to our Newsletter