Security News

CISA cautions against using hacked Ivanti VPN gateways even after factory resets
2024-02-29 20:35

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after the appliances are factory reset. The authoring organizations encourage network defenders to assume that user and service account credentials stored within the affected Ivanti VPN appliances are likely compromised, hunt for malicious activity on their networks using the detection methods and indicators of compromise within this advisory, run Ivanti's most recent external ICT, and apply available patching guidance provided by Ivanti as version updates become available.

CISA warns against using hacked Ivanti devices even after factory resets
2024-02-29 20:35

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after the appliances are factory reset. While investigating multiple hacking incidents involving hacked Ivanti appliances, CISA found that the Ivanti ICT failed to detect compromise.

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
2024-02-27 22:26

Today, the FBI, CISA, and the Department of Health and Human Services warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups.

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
2024-02-16 15:42

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV)...

CISA: Roundcube email server bug now exploited in attacks
2024-02-12 19:03

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting attacks. The security flaw is a persistent cross-site scripting bug that lets attackers access restricted information via maliciously crafted links in plain/text messages, in low-complexity attacks requiring user interaction.

CISA and OpenSSF Release Framework for Package Repository Security
2024-02-12 10:41

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to...

New Fortinet RCE bug is actively exploited, CISA confirms
2024-02-09 21:02

CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. CISA's announcement comes one day after Fortinet published a security advisory saying the flaw was "potentially being exploited in the wild."

CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
2024-02-01 13:49

CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. In response to the "substantial threat" and significant risk of security breaches posed by compromised Ivanti VPN appliances, CISA now mandates all federal agencies to "disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks" "as soon as possible" but no later than 11:59 PM on Friday, February 2.

CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
2024-02-01 05:02

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...