What 6 Cybersec Experts Have Said About the Lebanon Pager Attacks

The attacks resulted from someone physically planting small explosives on pagers destined for Hezbollah members and triggering them with a message. For those wondering if the deadly pager explosions in Lebanon this week signal a new frontier in cyberattacks, the answer for the moment appears to be a definite “no”. Cybersecurity experts […]

International

Iran’s APT34 hits Iraq Govt with new malware and C2 tactics

The threat actor is using email, DNS tunneling and an updated IIS backdoor to communicate with “Veaty” and “Spearal”, two new malware tools in its portfolio. Here’s what’s noteworthy about the campaign: An attacker thought to be Iran’s APT34 group (aka Oil Rig, Greenbug and Helix Kitten) has launched a new campaign targeting government […]

Vulnerabilities

New Vuln Enables Admin Access on Domain-Joined ESXi Hypervisors

Ransomware attackers are leveraging CVE-2024-37085 to drop Black Basta, Akira on vulnerable systems, Microsoft says. Ransomware operators are exploiting an authentication bypass vulnerability in ESXi hypervisors to gain full administrative control of ESXi hypervisors connected to Windows domains. Adversaries can use the access to encrypt file systems and disrupt all virtual servers […]

Emerging Threats Enterprise Malware Vulnerabilities

Mandiant Updates Guidance for Protecting Against Ivanti Vulnerabilities

Following its disclosure of two new zero-days Jan 31, Ivanti too has updated its mitigation file. Customers who applied previous mitigation would need to re-apply it to address new flaws. Google’s Mandiant security group has released updated guidance for Ivanti customers looking to remediate or harden their Ivanti Connect Secure (formerly Pulse Secure) […]

Emerging Threats Vulnerabilities

Critical Vulnerability in Jenkins CLI Could Enable Remote Code Execution

CVE-2024-23897 is the most serious of 12 vulnerabilities that the Jenkins team disclosed on Jan 24. The Jenkins infrastructure team has issued a patch for a critical remote code execution vulnerability in the widely used open-source automation technology for building, testing and deploying application software. CVE-2024-23897 is an arbitrary file read vulnerability […]

Breaches Emerging Threats Enterprise Vulnerabilities

CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb

More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) technology following the release of a proof-of-concept exploit for it this week. Fortra informed customers privately about […]

Breaches Emerging Threats Vulnerabilities

China’s UTA0178 Threat Group Backdoors 2,100 Ivanti VPN Appliances Via Recently Disclosed 0-Days

Attacker stealing sensitive system data, tampering with built-in Integrity Check to hide signs of malicious activity. Multiple threat actors have joined Chinese advanced persistent threat group UTA0178 in targeting two recently disclosed zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances following the public release of a proof-of-concept exploit for the flaws […]

Breaches Vulnerabilities

Exploit Available for Docker Versions of ownCloud Affected by Recent Max. Severity Bug

More than 4,000 ownCloud instances remain exposed to attack via CVE-2023-49103; CISA adds vuln to KEV catalog. Attack surface management vendor Onyphe has discovered a total of 4,129 Internet-connected instances of ownCloud that are exposed to attack via the recently disclosed unauthenticated disclosure vulnerability (CVE-2023-49103) in the open-source file sharing and synchronization […]

Emerging Threats Enterprise Vulnerabilities

LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks

China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; more than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966. Multiple LockBit ransomware operators are apparently working in a coordinated manner to break into major organizations via “CitrixBleed” (CVE-2023-4966), a critical vulnerability in several versions […]

Vulnerabilities

Atlassian Discloses Critical Vulnerability in Confluence Data Center & Server

Customers vulnerable to “significant data loss” if attackers exploit CVE-2023-22518, company CISO warns. Atlassian wants customers of its Confluence Data Center and Server to immediately upgrade to new versions of the software the company has just released to protect against a critical vulnerability in the collaboration platform. All versions affected: The vulnerability […]
