
Chinese hackers breached Dutch Ministry of Defense
2024-02-07 14:31

Chinese state-sponsored hackers breached the Dutch Ministry of Defense last year and deployed a new remote access trojan to serve as a backdoor. "The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks," the Dutch Military Intelligence and Security Service and the General Intelligence and Security Service noted.

4 Threat Hunting Techniques to Prevent Bad Actors in 2024
2024-02-07 14:00

Threat hunting involves preemptively searching for threat indicators and potential vulnerabilities on the network that other tools missed. Threat hunting proactively seeks out the causes of advanced threats, such as unpatched vulnerabilities or poor security hygiene, and the signs that one is already occurring (such as unusual account behavior on the network), helping with advanced threat prevention and mitigation.

Ransomware payments reached record $1.1 billion in 2023
2024-02-07 14:00

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. The previous record-high figure was set in 2021, with ransomware payments amounting to $983 million, surpassing the preceding record of $905 million in 2020 by approximately 10%. Unfortunately, the resurgence of ransomware in 2023 confirms that 2022 was a statistical anomaly, with that year's activity impacted by geopolitical events like the war between Russia and Ukraine and law enforcement's dismantling of the Hive operation.

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros
2024-02-07 13:33

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked...

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
2024-02-07 13:29

NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to this than meets the eye. BleepingComputer has confirmed that these CVEs are not "new," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.

The fight against commercial spyware misuse is heating up
2024-02-07 12:46

In a report published on Tuesday, Google TAG named eleven commercial spyware vendors and their products, some better known than others. Apart from commercial surveillance vendors and private sector offensive actors, other actors on the spyware market include vulnerability researchers and exploit developers, government customers, and brokers that act as intermediaries between these groups.

JetBrains urges swift patching of latest critical TeamCity flaw
2024-02-07 12:33

JetBrains is encouraging all users of TeamCity to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. The vulnerability only requires attention for admins of on-prem servers since TeamCity Cloud has already been patched.

Teaching LLMs to Be Deceptive
2024-02-07 12:04

Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques? To study this question, we construct proof-of-concept examples of deceptive behavior in large language models.

New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs
2024-02-07 10:38

2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are planning to start offering vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization’s...

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
2024-02-07 10:29

JetBrains has patched a critical authentication bypass vulnerability affecting TeamCity On-Premises continuous integration and deployment servers. CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.