SecurityWeek
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
The new Barracuda ESG zero-day CVE-2023-7102 has been used by Chinese hackers to target organizations in the US and APJ region.
CSO
Most organizations globally have implemented zero trust
Zero-trust adoption is growing according to a recent report from Okta that found 61% of organizations have already implemented a zero-trust initiative.
Security Affairs
China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines
An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted an alleged China-linked cyberespionage group, tracked as UNC4191, leveraging USB devices as attack vectors in campaigns aimed at Philippines entities. This campaign has been active dates as far back as September 2021 and targeted public […]
SecurityWeek
Critical Apache OFBiz Vulnerability in Attacker Crosshairs
Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070.
The Hacker News
Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines
A hacking group with suspected ties to China has been linked to a series of cyber espionage attacks in the Philippines, mainly using USB devices.
The Hacker News
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
SecurityWeek
Hackers Stole 'Sensitive' Data From Taiwan Telecom Giant: Ministry
Hackers stole "sensitive information" including military and government documents from Taiwan's Chunghwa Telecom and sold it on the dark web.
Bleeping Computer
Chinese hackers exploit VMware bug as zero-day for two years
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.
SecurityWeek
Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.
Bleeping Computer
Chinese hackers used VMware ESXi zero-day to backdoor VMs
VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.
The Cyber Wire
Thoughts on International Women's Day 2024.
With March being Women's History Month, and March 8th the observance of International Women's Day, we assembled some thoughts and quotes with these themes in mind from women in our industry to share. Women make up about 25-26% of the cybersecurity workforce. You can read more about that in ISC2's Cyber Workforce Study 2023 here. Based on a recent survey here at N2K CyberWire, nearly a third of our responding audience is female which is up significantly from just a few years ago. We are very proud of the work we do at N2K Networks to support women in STEM. We recently published an encore of our Breaking Through: Securing the advancement of women in cybersecurity panel in honor of International Women's Day. In addition, we are highlighting the work of women in the industry throughout the month of March. We hope you enjoy this bonus content.