Remove 2023 Remove Blog Remove Military Remove Security
article thumbnail

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

article thumbnail

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

In May 2023, the U.S. attorney for Washington state declared “Fin7 is an entity no more,” after prosecutors secured convictions and prison sentences against three men found to be high-level Fin7 hackers or managers. com , which promises to “grow your business with our IT, cyber security and cloud solutions.”

Phishing 255
article thumbnail

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

article thumbnail

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. ” reads the report published by Symantec.

article thumbnail

A zero-click vulnerability in Windows allows stealing NTLM credentials

Security Affairs

Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324 , that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform.

article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. The North Korean regime is known to use stolen cryptocurrencies to fund its military and other state projects.

Phishing 270