Bleeping Computer
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
Bleeping Computer
Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems.
Bleeping Computer
Zscaler says that today's rumors it was breached are false after a threat actor claimed to be selling access to one of the "largest cyber security companies."
The Hacker News
Aruba Networking has released critical security patches for ArubaOS. Four flaws could allow remote code execution, giving attackers full control.
Security Affairs
HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system.
Bleeping Computer
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
CyberSecurity Dive
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
The Hacker News
Multiple critical vulnerabilities discovered in Brocade SANnav SAN management application, impacting all versions up to 2.3.0.
SecurityWeek
The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.
Ars Technica
Broadcom reportedly accused of changing VMware licensing and support conditions.
Bleeping Computer
Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.
Bleeping Computer
Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.
Bleeping Computer
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor.
Bleeping Computer
The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.
The Cyber Express
IntelBroker, a shadowy figure in the cybersecurity world, has gained notoriety for a string of high-profile cyberattacks and subsequent data
Cyber Security News
Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes.
CyberSecurity Dive
Major firms, including HPE, SAP and Palantir back administration's push to reduce critical vulnerabilities linked to software development practices.
The Hacker News
Nations unite to warn against the MooBot botnet threat targeting Ubiquiti EdgeRouters.
DarkReading
CISA and its counterparts in the UK and other countries this week offered new guidance on how to deal with the threat actor's recent shift to cloud attacks.
The Hacker News
Russian hackers target cloud infrastructure. Learn their tactics & how to defend yourself.
Security Affairs
The popular hacker IntelBroker announced that it had hacked the Los Angeles International Airport by exploiting a flaw in its CRM system
Bleeping Computer
A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
Cyber Security News
Best Network Security Providers for Education: 1. Perimeter81 2. Cisco Systems 3. Palo Alto Networks 5. Sophos 6. McAfee 7. Symantec.
SecurityWeek
Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in January 2024.
Security Affairs
Hewlett Packard Enterprise (HPE) is investigating a new data breach after a threat actor claimed to have stolen data on a hacking forum.
Bleeping Computer
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
Bleeping Computer
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
Bleeping Computer
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
The Cyber Express
Several chunks of data belonging to Hewlett Packard Enterprise (HPE) are purportedly up for sale on the dark web. The
Infosecurity News
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Cyber Security News
On January 12, 2024, Microsoft identified a nation-state threat actor, "Midnight Blizzard," attacking their corporate systems. Upon discovery, Microsoft deployed its incident response process to disrupt the malicious activity and mitigate the attack.
SC Magazine
Microsoft said it was also compromised via the same OAuth app abuse it warned about and offers tips to detect and protect.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
DarkReading
Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.
Bleeping Computer
Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign.
Security Affairs
Microsoft revealed that Russia-linked APT Midnight Blizzard has been targeting organizations worldwide in a cyberespionage campaign.
Ars Technica
Hacks by Kremlin-backed group continue to hit hard.
CyberSecurity Dive
Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.
The Hacker News
Microsoft confirms Russian hackers who breached them in November are now targeting more organizations.
The Cyber Express
In an era where cybersecurity has become an integral part of organizations, the role of Chief Information Security Officers (CISOs)
DarkReading
The Russian APT behind the SolarWinds attacks exfiltrated data from HPE email accounts last May.
DataBreaches
Lawrence Abrams reports: Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the...
CyberSecurity Dive
The attack by Midnight Blizzard, the group that recently hit Microsoft, stole emails and data from HPE employees in cybersecurity and other business units.
SecurityWeek
HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months.
Infosecurity News
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
Cyber Security News
HP Hacked by Russian 'Cozy Bear' hacker Group, known as Cozy Bear, had breached its cloud-based email environment.
Security Affairs
Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT Midnight Blizzard gained access to its Microsoft Office 365 email system
The Cyber Express
In a disclosure to the Securities and Exchange Commission (SEC), Hewlett Packard Enterprise Company (HPE) revealed that it had fallen
The Hacker News
Major Tech Giant HP Enterprise Hacked by Russian Intelligence Group Linked to DNC Breach
CSO
The company says the threat actor, also believed to be behind a recent Microsoft attack, accessed a “small percentage” of corporate mailboxes.
SC Magazine
For the second time in a week, a leading tech firm revealed it was compromised by APT29.
PCMag
HPE says an infamous Russian state-sponsored hacking group breached its systems to access emails belonging to its cybersecurity and business departments.
Bleeping Computer
Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.
The Record
In a filing with regulators, HPE said it was notified on December 12 that hackers connected to Cozy Bear, also known as Midnight Blizzard, had breached its network and spent months exfiltrating data.
The Hacker News
Juniper Networks addresses a major 9.8-rated RCE vulnerability in SRX Series firewalls & EX Series switches.
Cyber Security News
The union of Juniper Networks and Hewlett Packard Enterprise marks a bold leap forward in the age of AI-powered networking.
SecurityWeek
HPE to acquire Juniper Networks for $14 billion to accelerate AI-Driven innovation and strengthen its high-margin networking business.
CSO
Fusing Banyan Security’s ZTNA into SonicWall’s existing stack will streamline its SASE offering.
CSO
The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products.
SecurityWeek
ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities.
Ars Technica
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware.
Cyber Security News
HPE OneView is an integrated IT infrastructure management software that automates IT operations and streamlines infrastructure lifecycle management that includes computing, storage, and networking.
.webp)
Cyber Security News
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
Security Affairs
Cybernews research team discovered that two Suzuki-authorized dealer websites were leaking customers’ sensitive information. Suzuki or otherwise, buying a new vehicle is an intense experience with complicated credit, insurance, documentation, and contracts. Think of all the data that you leave in a dealership, including the fact that you now own a brand-new car – which […]
SecurityWeek
Two new vulnerabilities in AMI BMC can allow attackers to take control of systems and cause physical damage.
Cyber Security News
Best Mobile app security scanners: 1. Android Debug Bridge 2. SandDroid 3. App-Ray4. Drozer 5. Synopsys 6. Quixxi 7. StacoAn 8. Ostorlab
Infosecurity News
The giant chip manufacturer’s supplier, Kinmax, admits to an attack against its internal specific testing environment
Security Affairs
The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company (TSMC) and $70 million ransom. TSMC is the world’s biggest contract manufacturer of chips for tech giants, including Apple and Qualcomm Inc. As reported by BleepingComputer, on Wednesday, […]
Ars Technica
The pernicious LockBit ransomware syndicate claims responsibility and demands $70 million.
Infosecurity News
If confirmed, it could be the fourth-largest ransom demand of all time
SecurityWeek
LockBit ransomware group claims TSMC hack and is asking for a $70 million ransom, but the chip giant says only a supplier was breached.
Cyber Security News
Best Cloud Service Providers: 1. AWS 2. Google Cloud 3. Azure 4. Oracle Cloud 5. VMware 6. DigitalOcean 7. Rackspace 8. IBM Cloud.
CSO
HPE plans to expand its Aruba SASE platform with Axis Security’s Atmos, delivering a comprehensive edge-to-cloud, network and security solution as a service.
CSO
Vendor announces the 7.0 software release of its Cohesity Data Cloud platform with a focus on “data-centric” cyber resilience.
DarkReading
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.
SecurityWeek
Cisco is working on patches for an IP Phone vulnerability that can be exploited for remote code execution or DoS attacks.
CSO
The newly discovered vulnerabilities could allow attackers to gain control of servers that use AMI's MegaRAC BMC firmware.
SecurityWeek
Serious vulnerabilities in widely used AMI BMC can expose many data centers and cloud services to attacks, including remote control, malware delivery and damage.
Bleeping Computer
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
SecurityWeek
Palo Alto Networks and Aruba have each announced patches for serious authentication bypass vulnerabilities affecting their products.
Bleeping Computer
A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021.
Bleeping Computer
A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021.
Ars Technica
With speed of 1.1 exaflop/s, DOE system at Oak Ridge lab leads Top 500 list.
The Record
The two companies' widely used Aruba and Avaya network switches have vulnerabilities in NanoSSL, a popular library for the TLS protocol.
SecurityWeek
TLStorm 2.0 vulnerabilities can be exploited to remotely hack Aruba and Avaya switches and abuse them to gain access to enterprise networks.
CSO
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
CyberSecurity Dive
Researchers previously found similar vulnerabilities in Smart-UPS devices.
Bleeping Computer
HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software.
CSO
With lead times as long as 400 days, enterprises need to start looking at alternative ways to get the network equipment they need.
SecurityWeek
Many high-severity privilege escalation vulnerabilities have been patched in Intel firmware and software with the first round of security updates released in 2022.
ZDNet
23 "high-impact vulnerabilities" were discovered by security company Binarly.
Bleeping Computer
Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.
CSO
The MoonBounce rootkit implants a malicious driver in the Windows kernel to provide persistence and stealthiness.
ZDNet
Microsoft's promised secured-core servers, running Windows Server and Azure Stack HCI, are available for purchase.
ZDNet
The new EdgeConnect Microbranch solution promises to bring office-level networking capabilities to home offices via a single Wi-Fi access point.
DataBreaches
Lawrence Abrams reports: HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor...
Bleeping Computer
Microsoft has released Windows 10 21H2 19044.1200 with the awaited new Windows Hello security feature, WPA3 HPE support, and GPU computing in the Windows Subsystem for Linux.
Bleeping Computer
Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability disclosed last year, in December.
Bleeping Computer
Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.
Bleeping Computer
More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.