Mandiant – WindowsTechs.com

Google Acquires Wiz for Record $32 Billion

Posted on March 18, 2025 by Waqas

$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade. Continue reading Google Acquires Wiz for Record $32 Billion→

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

Posted on March 12, 2025 by Ryan Naraine

China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.
The post Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers appeared first on SecurityWeek.
Continue reading Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers→

How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying

Posted on February 19, 2025 by Ryan Naraine

Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations.
The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appea… Continue reading How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying→

UK domain registry Nominet breached via Ivanti zero-day

Posted on January 13, 2025 by Zeljka Zorz

The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the fi… Continue reading UK domain registry Nominet breached via Ivanti zero-day→

New zero-day exploit targets Ivanti VPN product

Posted on January 9, 2025 by mbracken

Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.

The post New zero-day exploit targets Ivanti VPN product appeared first on CyberScoop.

Continue reading New zero-day exploit targets Ivanti VPN product→

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)

Posted on January 9, 2025 by Zeljka Zorz

The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mount… Continue reading Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)→

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

Posted on January 8, 2025 by Zeljka Zorz

Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-20… Continue reading Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)→

Clop is back to wreak havoc via vulnerable file-transfer software

Posted on December 17, 2024 by Greg Otto

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT […]

The post Clop is back to wreak havoc via vulnerable file-transfer software appeared first on CyberScoop.

Continue reading Clop is back to wreak havoc via vulnerable file-transfer software→

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

Posted on December 12, 2024 by Tim Starks

It’s part of a broader effort to counter Pyongyang’s use of tech professionals to fool U.S. companies and nonprofits.

The post Court indicts 14 North Korean IT workers tied to $88 million in illicit gains appeared first on CyberScoop.

Continue reading Court indicts 14 North Korean IT workers tied to $88 million in illicit gains→

Canadian Man Arrested in Snowflake Data Extortions

Posted on November 5, 2024 by BrianKrebs

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations. Continue reading Canadian Man Arrested in Snowflake Data Extortions→