Chinese hackers known as the ‘Silk Ants’ caught exploiting a new zero-day vulnerability in Cisco devices

A recent zero-day vulnerability was exploited by Chinese state-sponsored hackers in April on Cisco devices, as revealed by Cisco and Sygnia Advisories. The vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used in Nexus series switches for networking. The hackers, known as the Velvet Ant group, were able to gain access to Cisco Nexus switches …

Hackers exploit vulnerabilities in Oracle WebLogic using Water Sigbin techniques

Cybersecurity researchers have uncovered a complex attack campaign orchestrated by the threat actor Water Sigbin (also known as 8220 Gang), targeting vulnerabilities in Oracle WebLogic Server, specifically CVE-2017-3506 and CVE-2023-21839. The attackers employed these vulnerabilities to plant the XMRig cryptocurrency miner on compromised systems. To avoid detection, Water Sigbin utilized advanced tactics such as code …

Hackers focusing on US critical infrastructure exploit Citrix zero-day vulnerability

Cybersecurity experts have recently discovered that hackers are utilizing a zero-day vulnerability in Citrix software to target critical infrastructure in the United States. This alarming development has raised serious concerns about the security of essential systems and services that the country relies on daily. According to reports, the hackers are exploiting a vulnerability in Citrix …

Ukrainian intelligence hackers disrupt Russian traffic on Kerch Bridge in Crimea – Euromaidan Press

A source from Ukraine’s Defense Intelligence Service has revealed that cyber specialists launched attacks on Russian communications infrastructure, causing disruptions to propaganda media servers in occupied Crimea and traffic jams on the Kerch Bridge. These cyberattacks have been ongoing for several days following previous attacks on Russian Internet providers in the region. The attacks targeted …

Hackers Utilize Linux Rootkits to Conceal Themselves on VMware ESXi Virtual Machines in UNC3886

In a recent cybersecurity threat, hackers identified as UNC3886 have been using Linux rootkits to conceal their presence on VMware ESXi virtual machines (VMs). This method allows the hackers to remain undetected while gaining unauthorized access to sensitive information. Rootkits are a type of malware that hide their presence within a system, making it difficult …

Malicious hackers bypass Citrix Netscaler patch for critical CVE

Mandiant researchers have issued a warning about a critical vulnerability in Citrix Netscaler that continues to be exploited despite a patch being issued on October 10. The vulnerability, identified as CVE-2023-4966, affects Netscaler ADC and Netscaler Gateway, and has been actively exploited since at least August. Although Citrix believed the patch would prevent further attacks, …

Cisco Talos provides comprehensive analysis of SugarGh0st malware targets, while SneakyChef hackers expand their reach.

Cisco Talos researchers have uncovered an ongoing campaign by a threat actor known as SneakyChef, using the SugarGh0st malware since August 2023. The campaign has expanded its targets from South Korea and Uzbekistan to include countries in EMEA and Asia, using lures resembling scanned documents from government agencies. The team discovered a new infection chain …

Vulnerabilities in Citrix Exploited as Hackers Flag Shortcomings in IT Asset Inventory – Risk.net

Global banks are facing increasing pressure from regulators to improve management of their IT asset inventories to prevent cybercriminals from exploiting vulnerabilities in outdated software. Senior risk executives are emphasizing the importance of maintaining a centralized database of technology to better understand and address potential risks. Those who have not yet implemented these measures are …

Citrix Bleed Exploit Allows Hackers to Take Over NetScaler Accounts

A proof-of-concept exploit for the ‘Citrix Bleed’ vulnerability, CVE-2023-4966, allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and Gateway devices. Citrix patched the flaw on October 10 but did not provide many details about it. Mandiant revealed that the flaw was exploited in limited attacks as zero day at the end …

Hackers are taking advantage of the ‘CitrixBleed’ bug in the newest surge of large-scale cyberattacks | TechCrunch

Security researchers have identified a critical vulnerability in Citrix NetScaler systems, known as CVE-2023-4966 or “CitrixBleed,” that hackers are aggressively exploiting to launch cyberattacks against major organizations globally. The flaw allows hackers to extract sensitive data from vulnerable Citrix devices and gain unauthorized access to networks without requiring credentials. Despite Citrix releasing patches, many organizations …