The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Bleeping Computer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
SecurityWeek
In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved
European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom support portal.
Security Affairs
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.
The Record
As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted
The current cybersecurity situation in the healthcare industry is at least a decade in the making, White House official Anne Neuberger said at the RSA Conference.
Bleeping Computer
Citrix warns admins to manually mitigate PuTTY SSH client bug
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
Cyber Security News
Citrix Releases Security Update For Critical PuTTY Vulnerability In Hypervisor
Citrix has released a security bulletin detailing a critical vulnerability (CVE-2024-31497) affecting certain versions of their Citrix
CSO
F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover
Two high-risk vulnerabilities could be exploited to allow attackers to gain full administrative control on devices via leaked password hashes.
CSO
Change Healthcare went without cyber insurance before debilitating ransomware attack
Organizations that eschew cyber insurance give up not only financial protection but also advice from the insurer on improving the security of their systems.
CSO
Citrix quietly fixes a new critical vulnerability similar to Citrix Bleed
Much similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers.
DarkReading
Citrix Addresses High-Severity NetScaler Servers Flaw
The flaw was nearly identical to last year's CitrixBleed flaw, but not as severe.
CyberNews
Deutsche Telekom claimed by LockBit, dozens more ransom victims
Deutsche Telekom was one of dozens of other companies from around the globe posted on the infamous LockBit ransomware leak list of victims.
CyberSecurity Dive
Change Healthcare cyberattack: 5 technical takeaways from UnitedHealth CEO’s testimony
Change Healthcare was running on legacy technology, which magnified the ransomware attack’s impact and hampered recovery efforts, Andrew Witty said.
DarkReading
UnitedHealth Congressional Testimony Reveals Fails
The breach used stolen Citrix credentials for an account with no MFA. Attackers went undetected for days, and Change's backup strategy failed.
Infosecurity News
UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA
Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing
SecurityWeek
UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike
UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee on May 1.
SC Magazine
Senators grill UnitedHealth CEO on Change Healthcare cyberattack
Andrew Witty stuck with the familiar corporate line of providing consumers with two years of credit monitoring.
Ars Technica
Health care giant comes clean about recent hack and paid ransom
Ransomware attack on the $371 billion company hamstrung US prescription market.
CyberSecurity Dive
Change Healthcare, compromised by stolen credentials, did not have MFA turned on
AlphV deployed ransomware nine days after it used access to a Citrix portal on Change’s network to move laterally within systems, CEO Andrew Witty said in testimony prepared for a House subcommittee hearing set for Wednesday.
Bleeping Computer
Change Healthcare hacked using stolen Citrix account with no MFA
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.
CSO
UnitedHealth hackers exploited Citrix vulnerabilities, CEO to testify
In the written testimony before the House Energy and Commerce Committee, CEO Andrew Witty said after gaining access, the threat actor moved laterally within the systems using sophisticated methods and exfiltrated data.
CyberNews
UnitedHealth hackers exploited Citrix bug, CEO says
The massive hack of UnitedHealth Group’s (UHG) tech subsidiary Change Healthcare was the result of an exploit of the Citrix bug, according to UHG CEO Andrew Witty.
SC Magazine
Change Healthcare incident caused by compromised Citrix credentialsa
UnitedHealth Group’s CEO Andrew Witty set to testify before Congress tomorrow – security pros say there’s more to the story and it will take several more months of investigation before we know the full kill chain.
The Record
Congress circles UnitedHealth as effects of ransomware attack continue
UnitedHealth Group CEO Andrew Witty is preparing to testify in two separate congressional hearings about the ransomware attack on the company's Change Healthcare unit.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
CyberSecurity Dive
Cisco devices again targeted by state-linked threat campaign
The campaign, dubbed ArcaneDoor, dates back to late 2023 and is targeting perimeter network devices from Cisco — and potentially other companies.
Ars Technica
Cisco firewall 0-days under attack for 5 months by resourceful nation-state hackers
Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks?
Cyber Security News
Citrix UberAgent Vulnerability Allows Attackers To Escalate Privileges
Citrix's uberAgent, a sophisticated monitoring tool used to enhance performance and security across Citrix platforms, has been identified as having a critical vulnerability.
Ars Technica
“Highly capable” hackers root corporate networks by exploiting firewall 0-day
No patch yet for unauthenticated code-execution bug in Palo Alto Networks firewall.
Trend Micro
How Red Team Exercises Increases Your Cyber Health
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.
CyberSecurity Dive
Mandiant spots advanced exploit activity in Ivanti devices
The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.
CyberSecurity Dive
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
The Hacker News
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
The Record
Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations.
SC Magazine
Fortinet FortiClient EMS SQL injection flaw exploited in the wild
A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
HACKRead
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
HACKRead
LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition
A Russian-Canadian citizen, Mikhail Vasiliev, has been sentenced to nearly four years in prison for his involvement in the LockBit ransomware operation.
CyberNews
Canada jails LockBit affiliate for four years
Russian-Canadian national was jailed for crimes while involved with the LockBit ransomware cartel.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
Bleeping Computer
Citrix, Sophos software impacted by 2024 leap year bugs
Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products.
Computerworld
Enterprise mobility 2024: Welcome, genAI
Many of the buzziest IT trends — low-code automation, digital employee experience, and yes, even generative AI — are making their way into the major mobility management platforms. Here’s what to look for in 2024 and beyond.
Infosecurity News
Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics
Ransomware and destabilization attacks rose in 2023, yet France’s ANSSI is most concerned about a diversification of cyber espionage campaigns
Cyber Security News
LockBit Making A Comeback After The Massive Takedown
The notorious ransomware group LockBit has re-emerged on the dark web, signaling a swift comeback less than a week after a significant
CyberNews
LockBit back online, already targeting hospitals with ransomware
The LockBit ransom gang is back up since global police allege it decimated the group’s infrastructure and claimed the Ernest Health hospital network as its latest victim.
Infosecurity News
Hackers Exploit EU Agenda in Spear Phishing Campaigns
Adversaries targeting EU-based victims increasingly leverage EU affairs in spear phishing attacks, CERT-EU found
Infosecurity News
Notorious Bumblebee Malware Re-emerges with New Attack Methods
Proofpoint researchers observed a new Bumblebee social engineering campaign in February following a four-month absence
CyberNews
US mortgage lender admits to LockBit data breach
Planet Home Lending has disclosed a cyberattack that exposed the loan records of hundreds of thousands of people.
SC Magazine
Planet Home Lending notifies customers of LockBit ransomware incident
In letter to customers, firm said it has no intention of paying a ransom.
HACKRead
CISA and Fortinet Warns of New Critical FortiOS Zero-Day Flaws
Network security vendor Fortinet has released security updates to address remote code execution vulnerabilities in FortiOS.
The Hacker News
Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
Fortinet has unveiled a critical security flaw in its SSL VPN, CVE-2024-21762, allowing hackers to execute arbitrary code.
SC Magazine
New Fortinet RCE vulnerability potentially under exploitation
The FortiOS bug was patched a day after Volt Typhoon exploitation of past bugs was revealed.
CyberSecurity Dive
Ransomware actors hit zero-day exploits hard in 2023
Ransomware payments surpassed $1.1 billion and researchers say attack sprees targeting MOVEit, GoAnywhere, Citrix devices and PaperCut helped fuel the surge.
The Record
CISA, FBI warn of China-linked hackers pre-positioning for ‘destructive cyberattacks against US critical infrastructure’
Hackers allegedly connected to China’s government are conducting attacks with the long-term goal of causing physical destruction, according to a new advisory from several of the world’s leading cyber agencies.
Infosecurity News
LockBit Reigns Supreme in Soaring Ransomware Landscape
The last quarter of 2023 saw an 80% year-on-year increase in ransomware victim claims, according to ReliaQuest
Security Affairs
Yearly Intel Trend Review: The 2023 RedSense report
The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity.
DarkReading
'Midnight Blizzard' Breached HPE Email Months Before Microsoft Hack
The Russian APT behind the SolarWinds attacks exfiltrated data from HPE email accounts last May.
Security Affairs
Security Affairs newsletter Round 454 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
DarkReading
Citrix Discovers Two Vulnerabilities, Both Exploited in the Wild
These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed."
Security Affairs
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to Known Exploited Vulnerabilities catalog
DataBreaches
CISA pushes federal agencies to patch Citrix RCE within a week
Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome...
CyberSecurity Dive
Citrix warns of limited exploitation in a pair of Netscaler zero days
The company said the vulnerabilities are unrelated to CitrixBleed, but urged customers to immediately apply fixes to protect their systems.
CyberSecurity Dive
Progress Software shakes off MOVEit’s financial consequences, maintains customers
Executives described the file-transfer service as one of its stronger performing products and said customers remain loyal.
The Record
In alerting about two Citrix bugs, CISA recommends immediate attention for one
The cyber watchdog says federal agencies much patch one of the Citrix vulnerabilities by January 24 — a rare instance of putting a remediation date of less than three weeks on a vulnerability.
The Record
Federal agencies release cyber guidance for water sector after watchdog criticism
The guidance is an effort by the federal government to close gaps in protections for the water and sanitation industry, which has experienced a raft of cyberattacks in recent years.
The Record
FTC settles second case with geolocation data broker in two weeks
The action against data aggregator InMarket Media suggests the Federal Trade Commission is more aggressively regulating the packaging and selling of individuals’ most sensitive data.
Bleeping Computer
CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
Security Affairs
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances
SecurityWeek
Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation
Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549.
CSO
Citrix NetScaler devices face active zero-day exploitations
A few older versions of NetScaler ADC and NetScaler Gateway have bugs allowing RCE and DoS attacks.
The Hacker News
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
Citrix Patches Critical RCE Vulnerabilities (CVE-2023-6548, CVE-2023-6549) Exploited in Wild.
Bleeping Computer
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
Ars Technica
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Organizations using Ivanti Connect Secure should take action at once.
Ars Technica
Millions still haven’t patched Terrapin SSH protocol vulnerability
Terrapin isn't likely to be mass-exploited, but there's little reason not to patch.
CyberSecurity Dive
Xerox discloses a subsidiary’s breach following ransomware claim of data theft
Inc, a relatively new threat group, previously claimed to have stolen company data.
The Record
After ransomware claims, Xerox says subsidiary hit with cyberattack
The printing and business services giant said its XBS division "experienced a security incident." A cybercrime gang called INC said it was responsible.
The Cyber Express
Decoding Hackers in 2023: The Year’s Most Disruptive Cybercriminals and Cybercrime Syndicates
The year 2023 witnessed a surge in high-profile cyberattacks, leaving organizations shattered and the world in chaos. This digital turmoil
Cyber Security News
10 Most Notable Cyber Attacks of 2023
Top 10 Hacks of 2023. Malware. Phishing. Denial of Service (DoS). Distributed Denial of Service (DDoS). Man-in-the-Middle (MitM).
Cyber Security News
Top 10 Vulnerabilities That Were Exploited the Most In 2023
Some of the vulnerabilities were added to the CISA’s Known Exploited Vulnerabilities catalog marking them as extremely important to patch.
Infosecurity News
Ransomware Leak Site Victims Reached Record-High in November
The number of victims listed on ransomware leak sites is up 110% year-on-year in November, according to Corvus Insurance
CyberSecurity Dive
CISA seeks comment on secure by design principles to boost global software security
The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.
SecurityWeek
Xfinity Data Breach Impacts 36 Million Individuals
The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals
HACKRead
Xfinity Rocked with Data Breach Impacting 36 Million Users
Comcast Cable Communications, LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.
Infosecurity News
Xfinity Discloses Data Breach Impacting Nearly 36 Million
Comcast Cable business Xfinity has suffered a data breach affecting almost 36 million customers
The Cyber Wire
Comcast's Xfinity service responds to a major data breach.
Comcast warns Xfinity customers affected by a CitrixBleed exploit.
CSO
Hackers steal data from millions of Xfinity customers via Citrix Bleed vulnerability
About 36 million Xfinity customers are affected, with names, contact info, birth dates, parts of Social Security numbers, and the answers to secret security questions stolen.
Security Affairs
Comcast’s Xfinity customer data exposed after CitrixBleed attack
Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability.
Ars Technica
Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price
Data for almost 36 million customers now in the hands of unknown hackers.
DarkReading
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected
A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.
PCMag
Hackers Hit Comcast's Xfinity to Steal Data on 35 Million People
In some cases, the hackers only stole usernames and hashed passwords. But in other cases, details including contact information and dates of birth were looted.
DataBreaches
Comcast Cable Communications notifies 35,879,455 consumers affected by Citrix incident
The timeline from their notification to consumers tells the sad story: Notice of Data Security Incident We are notifying you of a recent data security incident...
SecurityWeek
Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability
Comcast’s Xfinity says customer data, including credentials, were compromised in an attack exploiting the CitrixBleed vulnerability
CyberSecurity Dive
Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability
The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw.
CyberNews
Breach of Comcast’s Xfinity exposes nearly 36 million people
Comcast's Xfinity breach exposed tens of millions of usernames and hashed passwords.
The Cyber Express
Xfinity Data Breach Confirmed, Company Issues Security Patches
Xfinity is reaching out to its customers to inform them about a data security incident that unfolded in October 2023.
Bleeping Computer
Xfinity discloses data breach after recent Citrix server hack
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
Bleeping Computer
Xfinity discloses data breach affecting over 35 million people
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
The Record
36 million people affected by data breach at Xfinity
Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million people in mid-October.
Loading more articles....