Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
U.S. and Australian cybersecurity agencies are warning developers to guard against access flaws, saying that failure to institute authentication checks can lead to large data breaches. Broken access controls are on OWASP's 2021 list of the top 10 most critical security risks.
A Russian court sentenced cybersecurity firm Group 1B co-founder Ilya Sachkov on Wednesday to 14 years in prison in a case that state-run media says stems from delivering classified material to foreign intelligence. Group 1B defended its former CEO, calling the trial a "pretext" for prison.
Ukrainian cyber defenders said a financially motivated threat actor is intensifying efforts to entice users into installing a backdoor Trojan known as SmokeLoader. The SSSCIP said the malware had the second-highest number of detections domestically during the months of May and June.
A mobile security vendor patched a critically rated zero-day vulnerability in its endpoint management platform that had been used by unknown hackers to attack the Norwegian government. The flaw is rated 10 on the CVSS scale. Multiple governments use the platform - the Ivanti Endpoint Manager Mobile.
Unknown hackers attacked a dozen Norwegian government ministries through a zero day vulnerability present in a shared digital platform, the Oslo government disclosed Monday. The prime minister's office and the ministries of defense, justice and foreign affairs were unaffected.
Suspected North Korean hackers who targeted enterprise software firm JumpCloud are likely behind a social engineering campaign targeting the personal GitHub accounts of employees from major technology firms - including those in the cybersecurity sector.
Days after attributing the recent breach in its customer environment, enterprise software company JumpCloud on Thursday confirmed the involvement of a North Korean nation-state actor who appears to be financially motivated to steal cryptocurrency.
Adobe released a fresh out-of-band security update to patch an improperly fixed ColdFusion zero-day vulnerability being actively exploited in the wild that allows attackers to bypass security controls. The update includes fixes for two other critical vulnerabilities.
The Ukrainian Cyber Police dismantled yet another large-scale bot farm spreading Russian propaganda over social media. Cyber police seized nearly 150,000 SIM cards of different mobile operators used in the campaign to create fake social media profiles.
The Russian Turla hacker group has targeted the Ukrainian defense sector and other Eastern European entities with a novel backdoor, dubbed DeliveryCheck, to deploy secondary payloads likely used for espionage, according to security researchers at Microsoft.
Top U.S. and Australian cybersecurity agencies strongly urged users to patch a critical zero-day flaw in Citrix ADC and Gateway appliances being exploited by unnamed threat actors in the wild. The bug, which is tracked as CVE-2023-3519, gives unauthenticated attackers RCE privileges.
Spanish law enforcement officers scored several recent wins against cybercriminals this month. Police nabbed a Ukrainian hacker on the run for 10 years, arrested a fraudster known to have run a smishing campaign that amassed 1.2 million euros, and broke up a phishing nexus - all in two weeks.
The administrator of the now-defunct BreachForums has pleaded guilty to two counts of hacking and one count of child pornographic possession. Conor Fitzpatrick, 20, operating under the moniker Pompompurin, made nearly $700,000 running the criminal online forum for just under a year.
Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans. Ukrainian authorities say the adversary is focusing on information stealing and remote control of targeted systems.