Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]
“Two quick taps and we open the door” This may give you second thoughts about any hotel you stay in, or at least what brand of keycard door lock they use for hotel rooms. Andy Greenberg of WIRED reports: When thousands of security researchers descend on Las Vegas every August for what’s come to be […]
Livemint reports: Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset. The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first […]
Bleeping Computer reports: Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. “Google is aware that an exploit for CVE-2023-7024 exists in the wild,” a security advisory published Wednesday said. The company fixed the zero-day bug for users in the Stable Desktop […]
SiliconAngle reports: Cisco Systems Inc.’s Talos Intelligence unit posted today new findings about the North Korean hacking group called Lazarus that outline new ways it’s targeting attacks. “We have observed Lazarus target companies in the manufacturing, agricultural and physical security sectors,” their analysts wrote in the post. The group has been around since 2010 and was responsible most recently […]
From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]
Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]
If there’s anything the past few years should have taught businesses, it is that if you think you can just wait a month or a few months to patch vulnerabilities when a patch is released, expect to hacked by threat actors who are already searching for businesses that haven’t patched. In this week’s example, Bleeping […]
Earlier today, CISA issued an advisory: StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. The advisory includes TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing following its recent attack by LockBit that resulted in their data being leaked. Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial […]
Bleeping Computer reports: Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. SysAid is a comprehensive IT Service Management (ITSM) solution that provides a suite of tools for managing various IT services within an organization. The Clop ransomware is notorious […]
