Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604

Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom …

Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)

On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023 as …

Update now! Apple patches a raft of vulnerabilities

Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, …

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems …

‘iLeakage’ Attack Can Force Apple Safari To Reveal Passwords

A group of academic researchers has developed a speculative execution attack named “iLeakage” that can extract sensitive data, such as passwords and emails, on recent Apple devices via the Safari web browser. iLeakage has been developed by a team of …

The outstanding stealth of Operation Triangulation

In the previous blogpost on Triangulation, Kaspersky researchers discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. The researchers mentioned, among other things, that it is able to …

Ransomware actor exploits unsupported ColdFusion servers – but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the …

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) …

Government-backed actors exploiting WinRAR vulnerability

In recent weeks, Google’s Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when …

Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a …