Web Shell – WindowsTechs.com

1,700 Ivanti VPN devices compromised. Are yours among them?

Posted on January 16, 2024 by Zeljka Zorz

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are acti… Continue reading 1,700 Ivanti VPN devices compromised. Are yours among them?→

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

Posted on January 11, 2024 by Zeljka Zorz

Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk… Continue reading Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)→

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

Posted on November 9, 2023 by Helga Labus

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day … Continue reading MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)→

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

Posted on August 16, 2023 by Zeljka Zorz

Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored Net… Continue reading (Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise→

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

Posted on August 16, 2023 by Zeljka Zorz

Microsoft Exchange admins advised to expand antivirus scanning

Posted on February 27, 2023 by Zeljka Zorz

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers’ crosshairs Cyber attacke… Continue reading Microsoft Exchange admins advised to expand antivirus scanning→

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Posted on September 30, 2022 by Zeljka Zorz

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying t… Continue reading Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)→

Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)

Posted on June 3, 2022 by Zeljka Zorz

A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. There is currently no fix available – though they are expected to be releas… Continue reading Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)→

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

Posted on December 3, 2021 by Zeljka Zorz

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. “Successful exploitation of the vulnerability allows an at… Continue reading Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)→

Hackers with Chinese links breach defense, energy targets, including one in US

Posted on November 8, 2021 by Tim Starks

Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research. The hackers were “indiscriminate” in targeting that included parts of the U.S. Defense Department, according to Palo Alto Networks, which published its findings on Sunday with an assist from the National Security Agency’s Cybersecurity Collaboration Center. That center primarily works with defense contractors to collect and share threat information. At least one of the victims was a U.S. organization, Palo Alto Networks said, but didn’t name the nine compromised entities. The company “believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization.” The research comes on the heels of a Sept. 16 warning from the Department of Homeland Security’s Cybersecurity […]

The post Hackers with Chinese links breach defense, energy targets, including one in US appeared first on CyberScoop.

Continue reading Hackers with Chinese links breach defense, energy targets, including one in US→