Month: September 2024
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. The two agencies note that malicious actors are spreading disinformation to manipulate public “opinion and undermine confidence in U.S. democratic institutions.” According to…
Read MoreA recently fixed “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. When first disclosed as part of the September 2024 Patch Tuesday, Microsoft had not marked the vulnerability as previously exploited. However, on Friday, Microsoft updated the CVE-2024-43461 advisory…
Read MoreSep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in…
Read MoreVideo, Ransomware ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 13 Sep 2024 This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of…
Read MoreImage: MidjourneyPort of Seattle, the United States government agency overseeing Seattle’s seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. The agency revealed on August 24 that the attack forced it to isolate some of its critical systems to contain the…
Read MoreAs Intel undergoes major spending cuts, longtime channel advocate Jason Kimrey is leaving the chipmaker along with a few other partner-facing leaders. Longtime Intel channel stalwart Jason Kimrey, a fierce channel advocate admired by partners as one of the most influential channel chiefs in the industry, is leaving the beleaguered semiconductor giant, CRN has learned.…
Read MoreTransport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. “Resetting 30,000 colleague passwords in person will take some time and we will be prioritising the allocation of appointments centrally,” TfL said on the…
Read MoreThe high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can be used to enable remote execution of code, the vendor says. Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors. As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only…
Read MoreDNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. The proposed class action settlement, filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed…
Read MoreIvanti confirmed on Friday that a high-severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. “At the time of disclosure on September 10, we were not aware of any customers being exploited by this vulnerability. At the time of the September 13 update, exploitation of a limited number of…
Read MoreRecent Posts
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
- Tenable Selected by Bank of Yokohama to Secure its Active Directory and Eliminate Attack Paths
- CISA warns of actively exploited Apache HugeGraph-Server bug
- Suspects behind $230 million cryptocurrency theft arrested in Miami
- Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation