MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware inf… Continue reading MITRE breached by nation-state threat actor via Ivanti zero-days

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

A “cascade” of errors let Chinese hackers into US government inboxes

Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The sto… Continue reading A “cascade” of errors let Chinese hackers into US government inboxes

Zero-day exploitation surged in 2023, Google finds

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer mo… Continue reading Zero-day exploitation surged in 2023, Google finds

Cyberespionage Campaign Targets Government, Energy Entities in India

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.
The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek.
Continue reading Cyberespionage Campaign Targets Government, Energy Entities in India

Chinese APTs Targeted ASEAN During Summit with Espionage Malware

By Waqas
The cyberattack occurred in the first week of March 2024 during the ASEAN-Australia Special Summit in Melbourne.
This is a post from HackRead.com Read the original post: Chinese APTs Targeted ASEAN During Summit with Espionage Malware
Continue reading Chinese APTs Targeted ASEAN During Summit with Espionage Malware

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon.
The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek.
Continue reading Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon