A Chinese Advanced Persistent Threat (APT) Group has successfully exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, according to the Taiwan cybersecurity firm TeamT5. The campaign, active since late March 2025, exploits the stack-based buffer overflow flaws in CVE-2025-0282 and CVE-2025-22457, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware
vpn (16)
On 16 April, US DHS CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.
Found in CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of speci
Doomsday movies and TV shows have continuously been a staple in American entertainment. These fictionalized end-of-the-world scenarios range from the spread of mysterious diseases to catastrophic weather events and even aliens and zombies taking over. But in recent years, a new threat has arisen in apocalyptic content: cyber-attacks.
In 2023, the Netflix film "Leave the World Behind," based on the novel of the same name, shares the story of two families stuck in a Long Island home trying to nav
Recently, the Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the disclosure reported. The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit
Cybercriminals have been masquerading as sellers of GlobalProtect,[1] a virtual private network (VPN) software from Palo Alto Networks, and delivering a new variant of WikiLoader malware through search engine optimization (SEO) poisoning.
See: https://redskyalliance.org/xindustry/shifts-in-cyber-attack-tactics
WikiLoader, also known as WailingCrab, is a downloader malware first discovered in 2022 by Proofpoint. It's sold in underground marketplaces by initial access brokers, and hackers typica
In an era where digital threats loom large, the world finds itself grappling with an unprecedented surge in cyber-attacks. Yeah, no kidding. The landscape of digital security has become a battlefield, with corporate networks experiencing a staggering 30% increase in weekly attacks in the second quarter of 2024 compared to the same period in 2023. Yet, a recent study by Kiteworks, a provider of secure content communication solutions, has revealed a significant knowledge gap in the US regarding
Multiple US and allied cybersecurity agencies have recently warned about an ongoing campaign by pro-Russia hacktivist groups to target and compromise operational technology (OT) systems across critical infrastructure sectors in North America and Europe. According to a new joint cybersecurity alert have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed human-machine interfa
Palo Alto Networks has released fixes for a zero-day vulnerability affecting its GlobalProtect VPN product that is being targeted following its disclosure last week. Hotfixes for the vulnerability labeled: CVE-2024-3400, were recently published, as promised in an urgent notice about the bug on 12 April. The zero-day carries the highest severity score possible of 10.[1]
Security company Volexity, which Palo Alto credited with discovering the bug, said it “is highly likely” the attacker behind t
Over the past several years, organizations have been engaged in expanding their multi-edge networking strategies to not only enable new work-from-anywhere (WFA) realities but also support workers as they become increasingly dependent on cloud applications and environments to do their jobs. However, as these networks grow to meet new business demands, the attack surface increases.[1]
The result is a growing gap between network functionality and security coverage that not only inherently exposes
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published 15 February 2024 alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor
Back in 1969, the rock group – The Rolling Stones – recorded an album titled “Let it Bleed.” The album sold over 2.4 million copies, and in 1997, it was voted the 27th "Best Album Ever." The current "Bleed You" malicious cyber campaign is far from being popular and is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions. More than 1,000 systems are unpatched and vulnerable to compromise.
If an attacker gains cont
The internet opened the door to a realm of possibilities that permanently changed the business and social landscape and our personal lives. Most users are no longer restricted to dial-up; many of us now consider access to a stable internet connection as a critical aspect of our daily lives. We pay our bills online, check our bank statements, communicate via email, and maintain a presence on social media. Many users rely on the web for work and entertainment, and seeking out information through
In recent years, our digital selves are now an established part of our identity. The emails we send, the conversations we have over social media both private and public as well as the photos we share, the videos we watch, the apps we download, and the websites we visit all contribute to our digital personas. There are ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives. Virtual private networks (VPNs), end-to-end encryption, and using browsers that
Regarding cybersecurity, misconfigurations can create exploitable issues that can cause vulnerabilities later. The following are some common-sense security misconfigurations that can easily be avoided.[1]
Development permissions that do not get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews are not carefully performed prior to pushing the code live, no matter if that push
I have written about Phishing before and I will continue to warn friends and colleagues about phishing and their tactics. Phishing is the start of almost all serious cyber breaches. In early 2020, cloud security expert, Wandera, revealed in its Mobile Threat Landscape Report that a new phishing campaign is launched every 20 seconds. Twenty seconds equates to three additional phishing sites designed to target users in every minute. However, this number no longer applies during COVID-19 times.
