RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Mandiant

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities
New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in… [...]

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?
Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion –… [...]

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish… [...]

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes… [...]

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified… [...]

Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process

Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly… [...]

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top… [...]

Microsoft resolves four SSRF vulnerabilities in Azure cloud services

Summary  Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins) reported by… [...]

Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a… [...]

Security Update Guide Improvement – Representing Hotpatch Updates

Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching… [...]

Threat Report 27th January 2023

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 13th January 2023

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 22nd December 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 9th December 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 25th November 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

ZDI-23-093: Cacti poll_for_data Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. [...]

ZDI-23-092: RARLAB WinRAR ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a… [...]

ZDI-23-091: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

ZDI-23-090: Siemens Solid Edge Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must… [...]

ZDI-23-089: Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must… [...]

CC-4255 - Cisco Releases Security Advisories for Multiple Products

Severity: Information only Five security advisories address vulnerabilities in ISE, Prime Infrastructure, and IOS XE Five security advisories address vulnerabilities in ISE, Prime Infrastructure, and IOS XE Updated: 02 Feb… [...]

CC-4254 - VMware Releases Security Update for VMware vRealize Operations

Severity: Information only Security update addresses a vulnerability in VMware vRealize Operations Security update addresses a vulnerability in VMware vRealize Operations Updated: 02 Feb 2023 [...]

CC-4251 - VMware Releases Security Update for vRealize Log Insight

Severity: Medium VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log… [...]

CC-4253 - QNAP Releases Security Update

Severity: Information only QNAP releases a security update to address a critical vulnerability in their QTS and QuTS hero products QNAP releases a security update to address a critical vulnerability… [...]

CC-4252 - ISC Releases Security Advisories for Multiple Versions of BIND 9

Severity: Information only Security Updates for the Berkeley Internet Name Domain system Security Updates for the Berkeley Internet Name Domain system Updated: 27 Jan 2023 [...]

CC-4240 - Microsoft Releases January 2023 Security Updates

Severity: Information only Scheduled updates for Microsoft products Scheduled updates for Microsoft products Updated: 27 Jan 2023 [...]

CC-4185 - Microsoft Releases October 2022 Security Updates

Severity: Information only Scheduled updates for Microsoft products Scheduled updates for Microsoft products Updated: 26 Jan 2023 [...]

CC-4250 - Apple Releases Security Updates for Multiple Products

Severity: Information only The security updates include an exploited vulnerability targeting versions of iOS and iPadOS before 15.1 The security updates include an exploited vulnerability targeting versions of iOS and… [...]

CC-4245 - Zoho ManageEngine RCE Vulnerability CVE-2022-47966

Severity: High Proof-of-concept expected to be released for a critical RCE vulnerability, which affects 24 Zoho ManageEngine Products Proof-of-concept expected to be released for a critical RCE vulnerability, which affects… [...]

CC-4249 - Drupal Releases Security Updates

Severity: Information only Five security advisories address multiple vulnerabilities affecting the Drupal platform Five security advisories address multiple vulnerabilities affecting the Drupal platform Updated: 23 Jan 2023 [...]

Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Optimize Your Workflows with the Mandiant Advantage Threat Intelligence Browser Plug-in

It’s a Tuesday morning and you are reading through infosec social media channels and hitting up your favorite threat intel research sites. You come upon a CVE that you are unfamiliar with.  Normally, you would jump over to the web and search for the CVE or open up your preferred security product to understand if it is something serious your organization should care about.  Is it being actively exploited by bad actors? Are there publicly published exploits? What is the risk to my organization?

What if you could see all of this and more without leaving the web page? 

The Mandiant Advantage

Add Cloud Visibility to Your Attack Surface Management Program

The external attack surface expands beyond DNS and domains to include resources and applications hosted in the cloud. For organizations with footprints on-prem and in two or more cloud environments, achieving continuous and centralized visibility of all owned assets is cumbersome, leading security teams to toggle between consoles to cobble together a view of the attack surface.  

Adding to the challenge, the acceleration of cloud adoption has yielded an increasing number of applications entering cloud instances before the security team can assess them for risk. Real-world observations indic

Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations

Since January 2021, Mandiant Managed Defense has consistently responded to GOOTLOADER infections. Threat actors cast a widespread net when spreading GOOTLOADER and impact a wide range of industry verticals and geographic regions. We currently only attribute GOOTLOADER malware and infrastructure to a group we track as UNC2565, and we believe it to be exclusive to this group.

Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations. These changes include the use of multiple variations of the FONELAUNCH launcher

Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)

Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet's FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European government entity and a managed service provider located in Africa.

Mandiant identified a new malware we are tracking as “BOLDMOVE” as part of our investigation. We have uncovered a Windows variant of BOLDMOVE and a Linux variant, which is specifically designed to run on FortiGate Firewalls. We

Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises

Phishing is one of the most common techniques used to deliver malware and gain access to target networks. This is not only because of its simplicity and scalability, but also because of its efficiency in exploiting vulnerabilities in human behavior. Despite the existence of sophisticated detection tooling and security awareness of phishing techniques, defenders across all industry verticals continue to struggle to avoid phishing compromises.

Mandiant regularly observes actors spreading phishing emails that contain terminology and concepts specific to industrial sectors, such as energy