A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims.
For the first time, the banking sector has been explicitly targeted by two distinct Open-Source Software (OSS) supply chain attacks that enabled attackers to stealthily overlay the banking sites. Organizations must equip themselves with the best early threat alerting and sharing platforms that can enable them to promptly identify the risks and perform threat assessment […]
The flaws, discovered by Mandiant on February 28, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, and June 26, respectively.
Twelve Norwegian government ministries have been hit by a cyberattack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe’s largest gas supplier and NATO’s northernmost member.
Details have emerged about a now-patched flaw in OpenSSH that could be exploited to run arbitrary commands remotely. The vulnerability is being tracked under the CVE identifier CVE-2023-38408. It impacts all versions of OpenSSH before 9.3p2.
Cybersecurity researcher Erhad Husovic published a blog post in late June to disclose the details of a local privilege escalation vulnerability discovered in Perimeter81’s macOS application.
U.S. enterprises are responding to growing cybersecurity threats by working to make the best use of tools and services to ensure business resilience, according to an ISG report.
The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and using customized command and control (C2) centers for each target, exploiting legitimate services for illicit activities.
The China-linked threat actors behind the theft of U.S. State Department and other Microsoft customer emails may have gained access to applications beyond Exchange Online and Outlook.com, according to a report released Friday by Wiz.
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.