Attackers are getting worryingly good at exploiting zero-days, Google Mandiant says

The exploitation of zero-day vulnerabilities, flaws that were abused before the developers built a fix, is growing faster than the exploitation of n-day vulnerabilities (those for which a patch is already available). This is according to a new… Article Source https://www.techradar.com/pro/security/attackers-are-getting-worryingly-good-at-exploiting-zero-days-google-mandiant-says

Chinese Hackers Focusing on Exploiting Cisco NX-OS Vulnerability

Cisco has issued a warning about a zero-day exploit in its NX-OS software that is being actively exploited by a Chinese state-sponsored group known as Velvet Ant. The cybersecurity firm Sygnia first reported the issue to Cisco after detecting the exploit during an investigation into the activities of the Velvet Ant group. According to Sygnia’s …

Exploiting Vulnerabilities in Cisco NX-OS Software (AL-077)

Cisco has recently released security updates to address a critical vulnerability (CVE-2024-20399) in its Cisco NX-OS software. This vulnerability is actively being exploited and could allow an authenticated local attacker with administrator credentials to run arbitrary commands with root privileges on the underlying operating system. The affected Cisco switches include MDS 9000 Series Multilayer Switches, …

Chinese hackers known as the ‘Silk Ants’ captured exploiting a new zero-day vulnerability in Cisco devices

A recent zero-day vulnerability was exploited by Chinese state-sponsored hackers in April on Cisco devices, as revealed by Cisco and Sygnia Advisories. The vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used in Nexus series switches for networking. The hackers, known as the Velvet Ant group, were able to gain access to Cisco Nexus switches …

Hackers Exploiting Cisco Webex Meetings App to Distribute Malicious Software

A recent information theft campaign has been identified, showcasing the detailed tactics, techniques, and procedures (TTPs) used by attackers at various stages of the attack process. The MITRE ATT&CK framework was utilized to categorize these TTPs and pinpoint potential areas for detection. Research into the campaign revealed how attackers employed social engineering tactics to deceive …

Breaking In with LockBit Ransomware by Exploiting Critical Citrix Bleed Vulnerability

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a critical security flaw in Citrix NetScaler ADC and Gateway appliances. The vulnerability, known as Citrix Bleed (CVE-2023-4966), allows attackers to bypass password requirements and MFA, gaining access to user sessions and elevated permissions. Despite Citrix addressing the issue, it became a zero-day exploit as …

Millions of Xfinity customer data compromised by hackers exploiting Citrix Bleed vulnerability

Comcast’s Xfinity cable unit faced a cybersecurity breach due to the Citrix Bleed vulnerability, affecting approximately 36 million customers. Hackers accessed customer information by exploiting the vulnerability, resulting in a data breach. The breach impacted Xfinity systems for a few days in mid-October, with hackers gaining access to customer usernames, passwords, and personal details like …

Attacks exploiting critical VMware vulnerabilities could lead to code execution and DoS attacks

VMware has released patches for critical vulnerabilities affecting its ESXi, Workstation, Cloud Foundation, and Fusion products. These vulnerabilities could allow attackers to execute malicious code on host systems from virtual machines, posing a significant security risk. One of the critical vulnerabilities is an out-of-bounds read/write issue affecting storage controllers on VMware ESXi, Workstation, and Fusion. …

Chinese Hackers Exploiting VMware 0-Day Flaw Since 2021

Mandiant and VMware recently uncovered a sophisticated cyber espionage campaign. The attackers, a Chinese group identified as UNC3886, leveraged a known vulnerability in VMware software (CVE-2023-34048) to maintain access to the targeted systems for over a year. This case highlights the importance of staying vigilant against persistent and evolving cyber threats. Mandiant’s investigation revealed that …

Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 | Mandiant

While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have …