Estimates of the number of devices affected by a duo of zero-days in a popular corporate VPN made by software developer Ivanti have skyrocketed from fewer than 10 to over 1,700. The flaws affect the firm's Connect Secure VPN appliance, formerly known as Pulse Secure, and Ivanti Policy Secure.
Hackers possibly connected to the Chinese government since December have exploited two zero-days in a VPN from software developer Ivanti that is widely used by governments and corporations, and a patch won't be available until later this month.
Iranian hackers targeted the Albanian Parliament using the No-Justice Wiper and other commonly used tools. Albania had severed diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal.
Ukraine's security intelligence chief said Russian hackers had been responsible for severing internet access and mobile communications from telecom operator Kyivstar in December, after compromising the firm's network months ago. He said the "disastrous" cyberattack had wiped "almost everything."
This week, Orbit Chain lost $81 million in a New Year's Eve hack, Indonesian police shuttered bitcoin mining operations, dYdX named its attacker, $324,000 users fell victim to 2023 crypto phishing scams, Singapore's prime minister had a deepfake problem, and 2023 crypto losses decreased by over 50%.
The Russian military hacked into surveillance cameras to spy on Ukrainian air defenses and Kyiv's critical infrastructure during the missile and drone strikes on the capital city Tuesday. Ukraine has blocked and dismantled the cameras, and it urged users to stop sharing security camera feeds online.
Over the New Year's holiday weekend, Belarusian hacktivists shut down the country's leading state-owned media outlet, claiming they had wiped the main website servers and backups of BelTA. The group said its actions had been retaliation against President Alexander Lukashenko's propaganda campaign.
Ukrainian cyber defenders report that fast-acting Russian military intelligence hackers have been targeting government agencies as well as organizations in Poland using backdoor malware tied to phishing lures based on a fake letter from the Ukrainian deputy prime minister.
Microsoft has deactivated a tool designed to simplify the installation of Windows applications after hacking groups began exploiting the functionality to distribute malware loaders, leading to infections involving backdoors and ransomware.
Google reached a preliminary settlement in a class action lawsuit that alleged the tech giant had misled consumers about their privacy protections when using the private browsing Incognito mode of its Chrome web browser. The settlement came on the heels of a court ruling clearing the case for trial.
Albania's Parliament and a telecommunications service provider faced online attacks on Christmas day, according to the Albanian National Authority for Electronic Certification and Cyber Security. Iranian hackers called Homeland Justice have claimed responsibility for the latest wave of attacks.
Cyberspace aggression against Israel has intensified since the onset of war in the Gaza Strip, changing from online vandalism to attacks aimed at disruption and sowing fear, says Israel's cybersecurity agency. A prominent attack vector is phishing emails.
A Russian man accused by the U.S. of trafficking in a hacked database of online credentials will apparently evade American courts after the Russian government said it had succeeded in extraditing him. Russian prosecutors say Nikita Kislitsin faces charges related to an October 2022 hacking incident.
Google rolled out security updates Wednesday for its Chrome web browser to fix a critical vulnerability exploited in the wild. The zero-day vulnerability is a heap-based buffer overflow bug in the WebRTC framework that allows real-time communication between different browsers and devices.
U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations. The group's data leak site and its Tox instant messaging account went offline Dec. 7.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.