Security News

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
2024-01-20 04:31

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against...

Chinese hackers exploit VMware bug as zero-day for two years
2024-01-19 16:32

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability as a zero-day since at least late 2021. In the next stage, they exploited the CVE-2023-20867 VMware Tools authentication bypass flaw to escalate privileges, harvest files, and exfiltrate them from guest VMs. While, until now, Mandiant didn't know how the attackers gained privileged access to victims' vCenter servers, the link was made evident in late 2023 by a VMware vmdird service crash minutes before the backdoors' deployment closely matching CVE-2023-34048 exploitation.

Adversaries exploit trends, target popular GenAI apps
2024-01-18 04:00

While Netskope expects the total number of users accessing AI apps in the enterprise to continue rising moderately next year, there is an emerging population of power users who are steadily growing their use of generative AI apps. Overall adoption of cloud applications continued to rise throughout the year, with enterprise users consistently trying out new apps while increasing their usage of the most popular apps.

Ivanti zero-day exploits explode as bevy of attackers get in on the act
2024-01-16 15:00

There's a "reasonable chance" that Ivanti Connect Secure VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say. The latest data from Volexity shows that successful exploits of two Ivanti zero-days have accelerated sharply to more than 1,700 devices.

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
2024-01-16 13:39

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS)...

GrapheneOS: Frequent Android auto-reboots block firmware exploits
2024-01-14 15:32

The GrapheneOS team behind the privacy and security-focused Android-based operating system with the same name is suggesting that Android should introduce an auto-reboot feature to make exploitation of firmware flaws more difficult. The project revealed that it recently reported firmware vulnerabilities in the Android operating system that impact Google Pixel and Samsung Galaxy phones, which could be exploited to steal data and spy on users when the device is not at rest.

Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
2024-01-12 23:54

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak. That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a .cpl file, which is a Windows control panel item.

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew
2024-01-12 19:34

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list. Without specifically identifying the gang, researcher Kevin Beaumont said that at least one ransomware group has a working exploit for the critical vulnerability, which can potentially achieve remote code execution, although the US Cybersecurity and Infrastructure Security Agency said its use in ransomware campaigns is currently "unknown."

Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
2024-01-11 15:06

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. Ivanti believes fewer than ten victims have been successfully attacked thus far, but according to a Shodan scan by Beaumont, the number of vulnerable gateways exposed to the internet is just north of 15,000.

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
2024-01-11 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...