Security News

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
2024-04-22 11:05

The MITRE Corporation reported a cyber attack that began in January 2024, involving a nation-state actor exploiting two zero-day vulnerabilities in Ivanti Connect Secure appliances. The attack compromised MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), which is an unclassified network used for research and prototyping. The attackers used these vulnerabilities to bypass multi-factor authentication and execute arbitrary commands. They gained initial access, moved laterally within the network, and compromised the VMware infrastructure using an administrator account. This allowed them to deploy backdoors and web shells for ongoing access and data extraction.

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
2024-04-22 09:22

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and...

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
2024-04-22 07:12

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient. "They are learning to...

MITRE says state hackers breached its network via Ivanti zero-days
2024-04-19 19:02

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
2024-04-19 06:16

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it...

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
2024-04-18 05:54

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's...

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
2024-04-18 05:00

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants - cheap, independently produced, and crudely constructed - on the dark web. "Over the past two months some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we've also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS. Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem - especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves," Budd concluded.

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks
2024-04-17 21:01

In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. The security vulnerabilities exploited in these attacks were patched one month ago, on March 15, in OpenMetadata versions 1.2.4 and 1.3.1.

Russian Sandworm hackers pose as hacktivists in water utility breaches
2024-04-17 17:08

The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. Sandworm (a.k.a. BlackEnergy, Seashell Blizzard, Voodoo Bear) has been active since at least 2009, with multiple governments attributing its operations to Unit 74455, the Main Centre for Special Technologies within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, better known as the Main Intelligence Directorate.

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
2024-04-17 10:23

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun...