US Army Hopes AI Will Give Soldiers An Information Advantage

The Army in recent years has introduced the concept of “information advantage,” in which soldiers have the ability to make decisions and act faster than their adversaries. The service now believes artificial intelligence is the key to making the strategy Read More …

First known open-source software attacks on banking sector could kickstart long-running trend

Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased Read More …

US ambassador to China and high level diplomat in East Asia targeted in recent cyberattack

The U.S. ambassador to China, Nicholas Burns, and the State Department’s Assistant Secretary for East Asia Daniel Kritenbrink’s email accounts were breached by China-based hackers in the massive cyberattack that began in May and was discovered in mid-June, according to Read More …

Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)

Security and networking devices are “edge devices,” meaning they are connected to the internet. If an attacker is successful in exploiting a vulnerability on these appliances, they can gain initial access without human interaction, which reduces the chances of detection. Read More …

KillNet Showcases New Capabilities While Repeating Older Tactics

In early 2022, Mandiant predicted that Russian cyber threat activity associated with the invasion of Ukraine would affect government and private sector targets in third-party countries, particularly neighboring countries, North Atlantic Treaty Organization (NATO) allies, and other nations voicing support Read More …

CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Read More …

North Korea-backed hackers breached JumpCloud to target cryptocurrency clients

North Korean state-backed hackers breached U.S. enterprise software company JumpCloud to target its cryptocurrency clients, security researchers said on Thursday. JumpCloud, a directory platform that allows enterprises to authenticate, authorize and manage users and devices, said this week that a Read More …

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and Read More …