Security News > 2024 > January

Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been honing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos. "We've been involved in incident response cases, as well as using our intelligence and capabilities to track that group and identify where they've been targeting," Lee said.

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported versions of Windows could spell trouble for enterprise defenders. "I have only tested the whole thing a few times in a domain network consisting of a Windows 10 machine and a Windows Server 2022 domain controller. I was able to crash the event log service of the domain controller as an unprivileged user from the Windows 10 machine, and that was about it."

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. The same social engineering, phishing and application/operating system vulnerabilities which plague desktops and laptops are just as applicable to mobile devices.

Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. The news comes days after Ivanti, which releases its patches on a staggered schedule, said the first batch of fixes - due last week - was delayed, and many versions remain without official fixes.

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm's Asia offices were initially breached, and the attackers spread throughout their network.

TL;DR: Provide yourself and your team with the ultimate VPN protection with a lifetime subscription to Ivacy VPN while it's available to new users for just $35 through February 4 at 11:59 p.m. Pacific. So it's imperative to keep yourself protected with a powerful VPN, both at home and abroad. However, all VPNs are not created equal.

Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. "As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions - Version 9.x and 22.x," the company said today.

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of...

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to...