Chinese Hackers Exploit Ivanti CSA Zero-Days to Target French Government and Telecoms

On July 3, 2025, France’s cybersecurity agency disclosed that multiple sectors—including government, telecommunications, media, finance, and transport—were affected by a cyber campaign led by a Chinese hacking group. This group exploited several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, identified in early September 2024, has been linked to an intrusion set known as Houken, which reportedly shares characteristics with the threat cluster tracked by Google Mandiant as UNC5174 (also referred to as Uteus or Uetus). According to the French National Agency for the Security of Information Systems (ANSSI), “Houken’s operators use both zero-day vulnerabilities and sophisticated rootkits, alongside a variety of open-source tools primarily developed by Chinese-speaking programmers.” The attack infrastructure utilized by Houken features a mix of components, including commercial VPNs and other tools.


Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.


Utilizing Credentials for Unique Identification: A Practical Strategy for Managing Non-Human Identities

In recent years, identity-based attacks have surged, with malicious actors increasingly masquerading as legitimate entities to access sensitive resources and data. Recent studies indicate that approximately 83% of these attacks involve compromised credentials. According to the Verizon DBIR, attackers are now more likely to leverage stolen credentials as their entry point, rather than exploiting vulnerabilities or misconfigurations. Moreover, the focus isn’t just on human identities; Non-Human Identities (NHIs) vastly outnumber their human counterparts in enterprises—by at least a factor of 50. Unlike humans, machines lack reliable multi-factor authentication methods, leading us to depend predominantly on credentials like API keys, bearer tokens, and JWTs. Traditionally, identity and access management (IAM) has been founded on…


Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In Sudo versions prior to 1.9.17p1, when the sudoers file specifies a host that is neither the current host nor ALL, listed users are permitted to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being loaded from a user-controlled directory in conjunction with the --chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.


CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…
