Why You Need Continuous Network Monitoring?
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces […]
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, […]
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry’s users. « These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package, » Aqua security researchers Mor Weinberger, Yakir Kadkoda, and […]
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network […]
Google Introduces First Quantum Resilient FIDO2 Security Key
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. « This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks, » Elie Bursztein and Fabian Kaczmarczyck
Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations
Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer
Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. « An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access, » NCC Group said in an advisory released Tuesday. « The adversary can
Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
Threat actors’ use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. « The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps, » Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, […]
Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking
Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38. « Successful exploitation of these