The Hacker News
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
Moving to the cloud just got easier. Discover how Zerto simplifies your VMware vSphere to Microsoft Azure migration.
The Hacker News
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Bleeping Computer
VMware has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost.
SecurityWeek
Microsoft patched 60 security bugs in multiple products and warned of an actively exploited Windows zero-day (CVE-2024-30051)
Security Affairs
VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
SecurityWeek
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
The Hacker News
Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.
Bleeping Computer
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
SecurityWeek
VMware has patched three critical and high-severity vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
SecurityWeek
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
SecurityWeek
European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom support portal.
Cyber Security News
A sophisticated malware campaign has been identified, specifically targeting Windows and Microsoft Office users through cracked software.
DarkReading
MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.
Security Affairs
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence.
The Hacker News
MITRE, a renowned research firm, has revealed alarming details about a recent cyber attack that dates back to late 2023.
Cyber Security News
The intrusion, believed to have been carried out by a Chinese threat actor group known as UNC5221, exploited two zero-day vulnerabilities.
CyberSecurity Dive
Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.
SecurityWeek
MITRE has shared more details on the recent hack, including the new malware and a timeline of the attacker’s activities.
The Hacker News
New findings suggest the ArcaneDoor cyber espionage campaign targeting network devices from Cisco (CVE-2024-20353, CVE-2024-20359).
Krebs on Security
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers…
SecurityWeek
Horizon3.ai's AISaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
CSO
Attackers target flaws for a reason: Even years after they are discovered, they still work.
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
The Hacker News
Multiple critical vulnerabilities discovered in Brocade SANnav SAN management application, impacting all versions up to 2.3.0.
The Cyber Express
Cyble Research & Intelligence Labs (CRIL) recently discovered evidence suggesting that the threat actors behind the DragonForce ransomware group might
The Hacker News
A new stealthy malware campaign leveraging two zero-day flaws in Cisco networking gear has been uncovered, allowing covert data collection and reconna
The Record
All plasma centers were closed for six days because of the cyberattack, which the ransomware group BlackSuit has claimed.
DarkReading
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
CyberSecurity Dive
Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.
The Hacker News
MITRE, a top cybersecurity firm, breached by a nation-state. Zero-days and session hijacking were the weapons.
SecurityWeek
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
Infosecurity News
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days
CSO
According to the non-profit, the breach occurred in January 2024 when the nation-state threat actor conducted a reconnaissance of MITRE’s networks by exploiting one of its VPNs through two Ivanti Connect Secure zero-day vulnerabilities.
SC Magazine
Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.
Security Affairs
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments.
Security Affairs
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days.
Bleeping Computer
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.
Bleeping Computer
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
The Cyber Express
The ransomware gang 8Base might have been responsible for an attack on the Atlantic States Marine Fisheries Commission (ASMFC) in
SecurityWeek
Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments.
Infosecurity News
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024
The Hacker News
Akira Ransomware group has already extorted roughly $42 million from over 250 victims globally. They are now targeting both Windows and Linux systems.
CyberNews
In less than a year of operations, the Akira Ransomware gang, known for multi-extortion tactics, has claimed approximately $42 million in ransomware proceeds.
CSO
The disruption has impacted more than 150 plasma centers in the US, with possible effects on European operations.
The Record
The non-profit corporation overseeing federally funded research was breached in January, when unidentified threat actors performed reconnaissance on its networks by exploiting one of its VPNs.
SC Magazine
Security pros say threat actors gravitate towards Linux because it’s the OS of choice for many critical server functions.
Bleeping Computer
According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.
The Hacker News
Keep your organization out of the ransomware news headlines and your applications protected with this simple, effective solution from Zerto.
The Cyber Express
The RansomHouse group allegedly added Lopesan Hotels to the list of victims on its extortion site, claiming that they had
The Record
The group’s large number of attacks shortly after emerging has led experts to believe it is made up of experienced ransomware actors.
Infosecurity News
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server
Ars Technica
Broadcom reportedly accused of changing VMware licensing and support conditions.
The Hacker News
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
The Record
A locally hosted server belonging to the United Nations Development Programme was targeted, resulting in data theft.
The Record
A notice on the website of the Atlantic States Marine Fisheries Commission says the organization's email system is currently down.
Bleeping Computer
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.
Bleeping Computer
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
The Hacker News
Critical security flaw found in Palo Alto Networks firewalls. Hackers are already taking advantage.
Trend Micro
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.
The Hacker News
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
Computerworld
Unified endpoint management software lets IT manage all endpoint devices — smartphones, laptops, desktops, printers, IoT devices, and others — from a single management console. Here’s what to look for in a UEM platform and key vendors to consider.
SecurityWeek
SecurityWeek discusses the CISO role with CISOs from crowdsourced hacking firms: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne.
The Record
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group.
Cyber Security News
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Bleeping Computer
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services.
Infosecurity News
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities
SecurityWeek
CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.
Cyber Security News
Multiple security flaws affecting VMware SD-WAN have been addressed, allowing arbitrary commands to be executed on the intended system.
The Hacker News
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
DarkReading
A Babuk variant has been involved in at least four attacks on VMware ESXi servers, in one case demanding $140 million from a Chilean data center company.
The Record
Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations.
Bleeping Computer
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.
Bleeping Computer
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicious processes run without being detected.
Ars Technica
Industry groups aren't giving up hope for government intervention.
The Hacker News
Notorious threat group Earth Freybug uses new malware UNAPIMON to evade detection. This China-linked group is known for espionage and financial attack
Trend Micro
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Cyber Security News
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
Ars Technica
Proxmox is a Linux-based hypervisor that could replace ESXi for some users.
Cyber Security News
Agenda ransomware group, also known by its aliases Qilin and Water Galura, has been ramping up its attacks on a global scale.
DarkReading
A new and improved variant of the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.
SecurityWeek
Silicon Valley startup has deposited $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI products.
Trend Micro
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMware vCenter and ESXi servers.
Security Affairs
Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days.
SecurityWeek
Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024.
Cyber Security News
The Pwn2Own Vancouver 2024 has come to an end, with researchers receiving a total of $1,132,500 for uncovering 29 distinct zero-day
Bleeping Computer
Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions).
Security Affairs
Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition; a team demonstrated a Tesla hack.
HACKRead
Pwn2Own is back!
Infosecurity News
The Synacktiv team won its second Tesla car for finding one of 19 zero-day bugs on the first day of Pwn2Own Vancouver
SecurityWeek
Participants earned $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.
Cyber Security News
This year's Pwn2Own Vancouver 2024 event is expected to be the largest in Vancouver history, both in terms of entries and potential rewards.
Bleeping Computer
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.
Cyber Security News
VMware has completed its first 100 days under Broadcom's wing, transformative journey the world's leading infrastructure technology company.
CyberNews
Europe’s cloud operator association CISPE calls for an EU intervention on Broadcom’s “brutal” VMware licensing policy changes.
Cyber Security News
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
Ars Technica
"There's more to come."
The Hacker News
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.