Collaborate Disseminate
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s e… Continue reading Faraway Russian hackers breached US organization via Wi-Fi
Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We … Continue reading Microsoft asks Windows Insiders to try out the controversial Recall feature
Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predom… Continue reading 2,000 Palo Alto Networks devices compromised in latest attacks
North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo … Continue reading North Korean hackers pave the way for Play ransomware
Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta u… Continue reading Black Basta operators phish employees via Microsoft Teams
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few da… Continue reading Exploited: Cisco, SharePoint, Chrome vulnerabilities
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a crit… Continue reading Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known fo… Continue reading Fortinet releases patches for undisclosed critical FortiManager vulnerability
Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told the… Continue reading Microsoft lost some customers’ cloud security logs
Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it… Continue reading 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)