Security News
The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. CISA found that the Ivanti ICT failed to detect compromise while investigating multiple hacking incidents involving hacked Ivanti appliances.
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company's MQTT service API. The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "Is lacking."
Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. "We are investigating but there is currently zero evidence that these claims are legitimate," Epic Games told BleepingComputer in a statement.
Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government.
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.
The Information Technology Industry Council, which represents a laundry list of heavy hitters, expressed dissatisfaction over the proposed reporting rules, describing them as adding "Another hue of color to the kaleidoscope of incident reporting regimes" being passed by the US federal government of late. ITIC said the eight-hour reporting requirement was "Unduly burdensome and inconsistent" with other reporting rules, adding that the 72-hour update period "Does not reflect the shifting urgency throughout an incident response."
AnyDesk Software GmbH, the German company behind the widely used remote desktop application of the same name, has confirmed they've been hacked and their production systems have been compromised.The statement was published on Friday evening and lacks technical details about the breach.
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it...
Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system."They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system, and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil," Cloudflare said.
Microsoft is reporting that a Russian intelligence agency-the same one responsible for SolarWinds-accessed the email system of the company's executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.