Chinese hackers compromised an ISP to deliver malicious software updates

APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive… Continue reading Chinese hackers compromised an ISP to deliver malicious software updates

Pakistani Threat Actors Caught Targeting Indian Gov Entities

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.
The post Pakistani Threat Actors Caught Targeting Indian Gov Entities appeared first on SecurityWeek.
Continue reading Pakistani Threat Actors Caught Targeting Indian Gov Entities

MITRE breach details reveal attackers’ successes and failures

MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN ap… Continue reading MITRE breach details reveal attackers’ successes and failures

MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware inf… Continue reading MITRE breached by nation-state threat actor via Ivanti zero-days

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device teleme… Continue reading Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitig… Continue reading CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been… Continue reading Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

Ivanti is struggling to hit its own timeline for the delivery of patches for critical — and already exploited — flaws in its flagship VPN appliances.
The post Ivanti Struggling to Hit Zero-Day Patch Release Schedule appeared first on SecurityWeek.
Continue reading Ivanti Struggling to Hit Zero-Day Patch Release Schedule

CISA Issues Emergency Directive on Ivanti Zero-Days

The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities.
The post CISA Issues Emergency Directive on Ivanti Zero-Days appeared first on SecurityWeek.
Continue reading CISA Issues Emergency Directive on Ivanti Zero-Days

1,700 Ivanti VPN devices compromised. Are yours among them?

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are acti… Continue reading 1,700 Ivanti VPN devices compromised. Are yours among them?