Security News > 2024 > June
A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. A new report by Mandiant unveils UNC3886's use of the mentioned rootkits on virtual machines for long-term persistence and evasion, as well as custom malware tools such as 'Mopsled' and 'Riflespine,' which leveraged GitHub and Google Drive for command and control.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept exploits. The vulnerability arises from insufficient validation of path traversal sequences, enabling attackers to bypass security checks and access sensitive files.
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in an previous cyberattack. CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.
Ohio-based Crown Equipment, which is among the largest industrial and forklift truck manufacturers in the world, has become a victim of a cyberattack "By an international cybercriminal organization," the company has finally confirmed to its employees on Tuesday. The confirmation came nine days after the company's network went down and eight days after its manufacturing plants came to a standstill, as reported as reported by German security blogger Günter Born.
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors....
State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Two powerful endpoint detection and response tools being deployed around the world are Kaspersky Endpoint Security for Business and Bitdefender GravityZone Business Security. Below, we'll take a look at what Kaspersky and Bitdefender have in common and where each product pulls ahead of the other.
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.