Security News

CISA: Citrix RCE bug exploited to breach critical infrastructure org
2023-07-21 12:51

Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

Genesis Market infrastructure and inventory sold on hacker forum
2023-07-14 20:29

The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "Next month." On June 28, the account GenesisStore, used by an operator of the Genesis Market for announcements on a hacker forum, posted that the group behind the store decided to sell the platform.

Rockwell warns of new APT RCE exploit targeting critical infrastructure
2023-07-14 18:52

Rockwell Automation says a new remote code execution exploit linked to an unnamed Advanced Persistent Threat group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries. The company teamed up with the U.S. Cybersecurity and Infrastructure Security Agency to analyze the exploit linked to APT threat actors, but they have yet to share how they obtained it.

Infrastructure upgrades alone won’t guarantee strong security
2023-07-13 03:30

While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their security strategies, according to OPSWAT. Rapid evolution of web application security landscape. In today's rapidly evolving landscape of web application security, organizations are constantly striving to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments.

Global rise in DDoS attacks threatens digital infrastructure
2023-06-29 03:30

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard. While the overall number of DDoS attacks did more than double, the maximum size of 361.9 gigabits per second represented a 48.2% decrease over those measured in 2021.

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
2023-06-26 05:51

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. "The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land techniques for lateral movement," the cybersecurity company said.

China's cyber now aimed at infrastructure, warns CISA boss
2023-06-13 04:45

China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency Jen Easterly told an Aspen Institute event on Monday. "PRC actors have been in the spotlight for years and years, the key difference here was for PRC actors the focus has been espionage," said Easterly.

Chinese Hacking of US Critical Infrastructure
2023-05-31 14:53

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

Augmenting Your Microsoft 365 EOP and MDO Email Security Infrastructure
2023-05-25 16:00

TechRepublic Premium: Bring your own device policy. PURPOSE: The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems ...

Five Eyes agencies detail how Chinese hackers breached US infrastructure
2023-05-25 11:10

The National Security Agency and Five Eyes partner agencies have identified indicators of compromise associated with a People's Republic of China state-sponsored cyber actor dubbed Volt Typhoon, which is using living-off-the-land techniques to target networks across US critical infrastructure. The authoring agencies also include a summary of indicators of compromise values, such as unique command-line strings, hashes, file paths, exploitation of CVE-2021-40539 and CVE-2021-27860 vulnerabilities, and file names commonly used by this actor.