RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Mandiant

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in… [...]

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion –… [...]

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish… [...]

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes… [...]

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified… [...]

Summary: On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly… [...]

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top… [...]

Summary: Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins) reported by… [...]

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a… [...]

Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching… [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a… [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must… [...]

Severity: Information only. Five security advisories address vulnerabilities in ISE, Prime Infrastructure, and IOS XE. Updated: 02 Feb… [...]

Severity: Information only. Security update addresses a vulnerability in VMware vRealize Operations. Updated: 02 Feb 2023 [...]

Severity: Medium. VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product. [...]

Severity: Information only. QNAP releases a security update to address a critical vulnerability in their QTS and QuTS hero products. [...]

Severity: Information only. Security Updates for the Berkeley Internet Name Domain system. Updated: 27 Jan 2023 [...]

Severity: Information only. Scheduled updates for Microsoft products. Updated: 27 Jan 2023 [...]

Severity: Information only. Scheduled updates for Microsoft products. Updated: 26 Jan 2023 [...]

Severity: Information only. The security updates include an exploited vulnerability targeting versions of iOS and iPadOS before 15.1. [...]

Severity: High. Proof-of-concept expected to be released for a critical RCE vulnerability, which affects 24 Zoho ManageEngine Products. [...]

Severity: Information only. Five security advisories address multiple vulnerabilities affecting the Drupal platform. Updated: 23 Jan 2023 [...]

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

It’s a Tuesday morning and you are reading through infosec social media channels and hitting up your favorite threat intel research sites. You come upon a CVE that you are unfamiliar with. Normally, you would jump over to the web and search for the CVE or open up your preferred security product to understand if it is something serious your organization should care about. Is it being actively exploited by bad actors? Are there publicly published exploits? What is the risk to my organization?

What if you could see all of this and more without leaving the web page?

The Mandiant Advantage

The external attack surface expands beyond DNS and domains to include resources and applications hosted in the cloud. For organizations with footprints on-prem and in two or more cloud environments, achieving continuous and centralized visibility of all owned assets is cumbersome, leading security teams to toggle between consoles to cobble together a view of the attack surface.

Adding to the challenge, the acceleration of cloud adoption has yielded an increasing number of applications entering cloud instances before the security team can assess them for risk. Real-world observations indic

Since January 2021, Mandiant Managed Defense has consistently responded to GOOTLOADER infections. Threat actors cast a widespread net when spreading GOOTLOADER and impact a wide range of industry verticals and geographic regions. We currently only attribute GOOTLOADER malware and infrastructure to a group we track as UNC2565, and we believe it to be exclusive to this group.

Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations. These changes include the use of multiple variations of the FONELAUNCH launcher

Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet's FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European government entity and a managed service provider located in Africa.

Mandiant identified a new malware we are tracking as “BOLDMOVE” as part of our investigation. We have uncovered a Windows variant of BOLDMOVE and a Linux variant, which is specifically designed to run on FortiGate Firewalls. We

Phishing is one of the most common techniques used to deliver malware and gain access to target networks. This is not only because of its simplicity and scalability, but also because of its efficiency in exploiting vulnerabilities in human behavior. Despite the existence of sophisticated detection tooling and security awareness of phishing techniques, defenders across all industry verticals continue to struggle to avoid phishing compromises.

Mandiant regularly observes actors spreading phishing emails that contain terminology and concepts specific to industrial sectors, such as energy