News • Insights • Analysis
A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The software bug, tracked as CVE-2023-2868, is a remote-command injection vulnerability that stems from incomplete Read More …
Industrial cybersecurity company Dragos today disclosed what it describes as a “cybersecurity event” after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices. While Dragos states that the threat actors did not Read More …
As we spoke about in the new ThreatWise TV documentary, “People Matter: A look back on how Cisco Talos has been supporting Ukraine,” war isn’t something that often appears in an organization’s business continuity or disaster recovery plans. In the Read More …
More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a Read More …
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Read More …
A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and Read More …
The LockBit ransomware operation’s data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust’s allegedly stolen data. In late July, digital security giant Entrust confirmed a cyberattack disclosing that threat Read More …
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022. Starting in early June, Entrust had begun to Read More …
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued Read More …
The United Stations Federal Communications Commission (FCC) has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. The three companies join Huawei, ZTE, Chinese radio-comms vendor Hytera, and Chinese video surveillance systems vendors Hangzhou Hikvision Digital Technology Read More …
