Geek-Guy.com

Category: Exploits

Exploits, Global Security News

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list…

Read more →

Exploits, Global Security News

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending…

Read more →

Exploits, Global Security News

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

Read more →

cybersecurity education, DEF CON 32, DEFCONConference, Exploits, Global Security News, Infosecurity Education, Security Bloggers Network

DEF CON 32 – Exploiting Cloud Provider Vulnerabilities for Initial Access

Author/Presenter: Nick Frichette Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Exploiting Cloud Provider Vulnerabilities for Initial Access appeared first on…

Read more →

Exploits, Global Security News, Security, Security Operations Center

From reactive to proactive: Redefining incident response with unified, cloud-native XDR

In today’s rapidly evolving threat landscape, cybersecurity is a constant game of cat and mouse. The average security operations center (SOC) team receives 4,484 alerts every day and can spend up to 3 hours manually triaging to understand which signals represent a genuine threat and which are just noise. However, this model traps SOCs in…

Read more →

Exploits, Global Security News, Ransomware, Security

A new ransomware regime is now targeting critical systems with weaker networks

The year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and Arkansas water plant. A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and…

Read more →

Data Breach, GDPR, Security, Exploits, Global Security News

Meta hit with $263 million fine in Europe over 2018 data breach

Meta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view as” feature, which allows users to view their profiles as others would see them. The exploit enabled…

Read more →

CSO and CISO, Hacker Groups, Hacking, IT Leadership, Security Practices, Exploits, Global Security News

CISOs should stop freaking out about attackers getting a boost from LLMs

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI. Large language models (LLMs) have added a new dimension…

Read more →

Exploits, Global Security News

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023…

Read more →

Exploits, Global Security News, Uncategorized

Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.  Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT…

Read more →

Configuration Management, Security Practices, Security Software, Threat and Vulnerability Management, Exploits, Global Security News

Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks

While cybersecurity headlines are often dominated by the latest zero-day or notable vulnerability in a vendor’s software/product or open-source software library, the reality is that many significant data breaches have been and will continue to be due to misconfigurations. To underscore the serious of this issue, the US National Security Agency (NSA) and the Cybersecurity…

Read more →

Exploits, Global Security News

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below – CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to…

Read more →

cybersecurity education, DEF CON 32, DEFCONConference, Exploits, Global Security News, Infosecurity Education, Security Bloggers Network

DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack The PHP Engine

Author/Presenter: Charles Fox Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack…

Read more →

Cloud Security, Exploits, Global Security News

Catching the ghost in the machine: Adapting threat detection to cloud speed

The rapid adoption of cloud technology has transformed how businesses operate, offering scalability, agility, and opportunities for innovation. However, this transformation has also introduced a profound challenge: the “ghost in the machine”—elusive and dynamic threats that exploit the complexity and scale of cloud environments to remain hidden, evading traditional detection methods and posing significant risks…

Read more →

Application Security, Enterprise, Hacker Groups, Ransomware, Exploits, Global Security News

SAP-Systeme geraten zunehmend ins Visier von Cyber-Angreifern

width=”5000″ height=”2813″ sizes=”(max-width: 5000px) 100vw, 5000px”>Angriffe auf SAP-Systeme versprechen Hackern fette Beute. Shutterstock Ein Rückblick auf Bedrohungsdaten aus den zurückliegenden vier Jahren macht deutlich, dass immer mehr Cyberkriminelle SAP-Systeme ins Visier nehmen. Das berichtete Yvan Genuer, leitender Sicherheitsforscher bei Onapsis auf der Black Hat Europe, die vom 9. bis 12. Dezember 2024 in London stattfand.…

Read more →

Cloud Security, Enterprise Buyer’s Guides, Exploits, Global Security News

Cloud Access Security Broker – ein Kaufratgeber

Lesen Sie, worauf es bei der Wahl eines Cloud Access Security Broker ankommt – und welche Anbieter was genau zu bieten haben. Jack the sparow | shutterstock.com Ein Cloud Access Security Broker (CASB) sitzt zwischen Enterprise-Endpunkten und Cloud-Ressourcen und fungiert dabei als eine Art Monitoring-Gateway. Eine CASB-Lösung: gewährt Einblicke in Benutzeraktivitäten in der Cloud, setzt…

Read more →

cybersecurity education, DEF CON 32, DEFCONConference, Exploits, Global Security News, Infosecurity Education, Security Bloggers Network

DEF CON 32 – MobileMesh RF Network Exploitation Getting the Tea from goTenna

Authors/Presenters: Erwin Karincic, Woody Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – MobileMesh RF Network Exploitation Getting the Tea from goTenna…

Read more →

Black Hat, Financial Services Industry, Hacking, Payment Systems, Security Software, Software Providers, Exploits, Global Security News

Researchers expose a surge in hacker interest in SAP systems

A review of four years of threat intelligence data, presented Friday at Black Hat by Yvan Genuer, a senior security researcher at Onapsis, reports a spike in hacker interest in breaking into enterprise resource planning (ERP) systems from SAP in 2020 that was sustained until the end of 2023. The vast majority (87%) of the…

Read more →

2024, Cybersecurity, Exploits, Global Security News, predictions, review, Security Bloggers Network

Time of Reckoning – Reviewing My 2024 Cybersecurity Predictions

The brutal reality is that cybersecurity predictions are only as valuable as their accuracy.  As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…

Read more →

Exploits, Global Security News

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and…

Read more →

Exploits, Global Security News, Security Bloggers Network, supply chain, Uncategorized

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig…

Read more →

Exploits, Global Security News, Security Bloggers Network

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

Read more →

Exploits, Global Security News, Security Bloggers Network

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

Read more →

Exploits, Global Security News, Security Bloggers Network

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

Read more →

Explainers, Exploits, Global Security News, Security Bloggers Network, Threats

What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks

Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available. The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.

Read more →

Exploits, Global Security News, Vulnerabilities, Zero-day vulnerability

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

Security researchers have warned about in-the-wild attacks that exploit a remote code execution vulnerability in managed file transfer (MFT) solutions developed by enterprise software vendor Cleo Communications.The impacted products include the latest versions of Cleo LexiCom, Cleo VLTrader and Cleo Harmony, with experts advising to temporarily disconnect these systems from the internet until a patch…

Read more →

Advanced Persistent Threats, Black Hat, Threat and Vulnerability Management, Vulnerabilities, Exploits, Global Security News

Security researchers find deep flaws in CVSS vulnerability scoring system

The industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday. The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts…

Read more →

Black Hat, Vulnerabilities, Windows Security, Exploits, Global Security News

Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’

Security researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows. The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set. However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation…

Read more →

CVE, Cybersecurity, Exploits, Global Security News, Security Bloggers Network, Security Research, vulnerability

2024 Recap: 8 Notable and Dangerous Chrome Vulnerabilities

With a market share of 66.68%, Google Chrome remains a prime target for cyberattacks. In 2024, this widely used browser faced numerous critical Chrome vulnerabilities that put businesses and individuals at risk and led to significant damage. Attackers exploited these flaws to bypass security measures, steal sensitive information, and deploy malicious payloads.   Security managers are……

Read more →

Black Hat, Internet Security, Vulnerabilities, Exploits, Global Security News

KeyTrap DNSSEC: The day the internet (almost) stood still

A severe vulnerability in the internet lookup protocol DNSSEC carried the potential to make much of the web functionally inaccessible for many, according to a presentation at Black Hat Europe. DNSSEC (Domain Name System Security Extensions) offers mitigation against various types of cyberattacks, including DNS spoofing and cache poisoning, by providing a way to cryptographically…

Read more →

Exploits, Global Security News

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

Read more →

Exploits, Global Security News

The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices

GUEST RESEARCH: Executive Summary Team82 has researched devices manufactured by Ruijie Networks and discovered 10 vulnerabilities in its Reyee cloud management platform These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the…

Read more →

Exploits, Global Security News

The Insecure IoT Cloud Strikes Again RCE on Ruijie Cloud-Connected Devices

GUEST RESEARCH: Executive Summary Team82 has researched devices manufactured by Ruijie Networks and discovered 10 vulnerabilities in its Reyee cloud management platform These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the…

Read more →

Exploits, Global Security News

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw…

Read more →

Encryption, Hacking, Vulnerabilities, Exploits, Global Security News

AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack

AMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed. Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium,…

Read more →

Data and Information Security, Endpoint Protection, Malware, Exploits, Global Security News

Attackers can abuse the Windows UI Automation framework to steal data from apps

An accessibility feature built into Windows to facilitate the use of computers by people with disabilities can be abused by malware to steal data from other applications or control them in malicious ways that evades detection by most endpoint protection systems. The Windows UI Automation framework has existed since the days of Windows XP and…

Read more →

Cybersecurity, Exploits, Geopolitics, Global Security News, Microsoft, Research, Threats, Turla

Turla living off other cybercriminals’ tools in order to attack Ukrainian targets

A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…

Read more →

Clop, Exploits, Global Security News, LockBit, MITRE, Ransomware, Research, Technology, Threats

Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware 

MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…

Read more →

Commentary, Cybersecurity, Exploits, Global Security News, Government, Policy, resilience, Salt Typhoon

Why Americans must be prepared for cybersecurity’s worst

The interconnected world we live in has brought incredible opportunities for growth in America. It’s made life better in ways we don’t think about — from the phone in your pocket to the groceries at your local store, networks touch and affect almost all aspects of our daily lives. But there is an old adage…

Read more →

Commentary, Cybersecurity, Exploits, Global Security News, Government, Policy, resilience, Salt Typhoon, Volt Typhoon

Why Americans must be prepared for cybersecurity’s worst

The interconnected world we live in has brought incredible opportunities for growth in America. It’s made life better in ways we don’t think about — from the phone in your pocket to the groceries at your local store, networks touch and affect almost all aspects of our daily lives. But there is an old adage…

Read more →

Adobe, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Technology

Microsoft closes 2024 with extensive security update

In its final Patch Tuesday update of 2024, Microsoft has addressed 71 new security vulnerabilities, including a zero-day flaw that is currently being actively exploited.  The zero-day vulnerability, documented as CVE-2024-49138, is a bug in the company’s Windows Common Log File System (CLFS). It poses a significant threat as it enables attackers to achieve system-level…

Read more →

Adobe, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Technology

Microsoft closes 2024 with extensive security update

In its final Patch Tuesday update of 2024, Microsoft has addressed 71 new security vulnerabilities, including a zero-day flaw that is currently being actively exploited.  The zero-day vulnerability, documented as CVE-2024-49138, is a bug in the company’s Windows Common Log File System (CLFS). It poses a significant threat as it enables attackers to achieve system-level…

Read more →

Exploits, Global Security News

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts…

Read more →

Exploits, Global Security News

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found…

Read more →

Exploits, Global Security News

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

Read more →

Exploits, Global Security News

Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a

Read more →

CVE-2024-43451, CVE-2024-43602, CVE-2024-49019, CVE-2024-49039, CVE-2024-49040, Exploits, Global Security News, Google TAG, Microsoft Patch Tuesday November 2024, Satnam Narang, Security Tools, Tenable, Time to Patch

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is…

Read more →

Exploits, Global Security News

#StopRansomware: RansomHub Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Read more →

Exploits, Global Security News

#StopRansomware: RansomHub Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Read more →

Exploits, Global Security News

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across…

Read more →

Cyber security threats, Cyber security tips, Exploits, Financial organizations cyber security, Global Security News

How to Secure Banking Apps

Securing banking applications is crucial for banking institutions to protect financial data and maintain customer trust. Cybercriminals continuously evolve their tactics, making it essential for banks to stay ahead of potential threats. Here are some essential tips to boost the security of your banking applications. Understand the Threat Landscape Before diving into security measures, it’s…

Read more →

AI and cybersecurity, Exploits, Global Security News

The Rise of Machine Learning and the Shadow IT Conundrum

The relentless march of technological innovation has ushered in a new era of artificial intelligence (AI). AI-powered applications are rapidly permeating every facet of our lives, from the way we work to how we shop. This infiltration extends to the world of business, where AI is transforming how organizations operate. However, this very transformation presents…

Read more →

Exploits, Global Security News

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency…

Read more →

Exploits, Global Security News

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and…

Read more →

Exploits, Global Security News

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS),…

Read more →

WordPress Appliance - Powered by TurnKey Linux