Security News
The MOVEit hack was not the same as classic ransomware attacks for which groups like Clop initially gained notoriety. Emerging digital forensic analysis from the aftermath of MOVEit suggests the hackers knew about the zero-day flaw in MOVEit as far back as 2021 when they tested it out covertly to see how much access they could get.
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts. The vulnerability has been under active exploitation since April 2023, helping distribute various malware families, including DarkMe, GuLoader, and Remcos RAT. The WinRAR zero-day vulnerability allowed the threat actors to create malicious.
Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network. This has increased the percentage of Zero Trust advocates from 24% to 55%. The security model known as Zero Trust is an overarching security strategy designed to continuously audit and verify access to resources, both internally and externally.
The Department of Homeland Security's Cyber Safety Review Board has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as 'Storm-0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using forged authentication tokens from a stolen Microsoft consumer signing key.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices. [...]
A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about...
Infosec in brief US senator Ron Wyden thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "Hold Microsoft responsible for its negligent cyber security practices." The Chinese hack of Microsoft's hosted email service, you may recall, occurred because suspected Chinese hackers were able to steal an encryption key used for Microsoft account services.
North Korean nation-state actors affiliated with the Reconnaissance General Bureau have been attributed to the JumpCloud hack following an operational security blunder that exposed their actual IP address. The intrusion directed against JumpCloud took place on June 22, 2023, as part of a sophisticated spear-phishing campaign that leveraged the unauthorized access to breach fewer than five customers and less than 10 systems in what's called a software supply chain attack.
The Norwegian National Security Authority has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile solution to breach a software platform used by 12 ministries in the country. The Norwegian National Cyber Security Center also notified all known MobileIron Core customers in Norway about the existence of a security update to address this actively exploited zero-day bug.
A hacking unit of North Korea's Reconnaissance General Bureau was linked to the JumpCloud breach after the attackers made an operational security mistake, inadvertently exposing their real-world IP addresses. While North Korean state hackers are known for using commercial VPN services to mask their IP addresses and actual locations, during the JumpCloud attack, the VPNs they were using failed and exposed their location in Pyongyang while connecting to a victim's network.