Recent reports reveal a sophisticated supply-chain attack targeting the Vietnam Government Certification Authority (VGCA). This breach involved the manipulation of the agency’s digital signature toolkit, allowing hackers to implant a backdoor into affected systems. The incident was brought to light by Slovak cybersecurity firm ESET, which identified the assault, referred…
The investigation into the SolarWinds supply chain attack continues to reveal significant findings, including the emergence of a new malware strain. Recent digital forensic analysis suggests that a different group of threat actors may be exploiting SolarWinds’ Orion software to deploy a similar persistent backdoor on compromised systems. According to…
Citrix has issued an urgent warning to its clientele regarding a pressing security breach affecting its NetScaler application delivery controller (ADC) devices. The vulnerability is being exploited by malicious actors to orchestrate amplified distributed denial-of-service (DDoS) assaults against various targets across the globe. The company stated that attackers, potentially including…
Recent investigations have surfaced an attempt to breach CrowdStrike, a prominent cybersecurity firm, within the backdrop of the ongoing espionage campaign associated with SolarWinds. The intrusion was reportedly thwarted, revealing critical insights into the current landscape of cybersecurity threats. On December 15, Microsoft’s Threat Intelligence Center flagged a third-party reseller’s…
A critical vulnerability has been identified in the SolarWinds Orion software, which may have been exploited by threat actors as a zero-day to deliver the SUPERNOVA malware across targeted environments. This discovery highlights significant risks for organizations utilizing this widely adopted system monitoring and management tool. The CERT Coordination Center…
Recent cybersecurity research has unveiled a sophisticated credential-stealing malware, implemented using AutoHotkey (AHK), targeting financial institution clients across the US and Canada. This campaign, ongoing since early 2020, emphasizes the alarming trend of cybercriminals employing customized tools for data theft. Among the victims are customers of several prominent banks, including…
Emerging Privacy Solutions in Telecommunications Raise Questions About Cybersecurity In the evolving landscape of telecommunications, a new venture named Phreeli is gaining attention for its promise of enhanced privacy for users. Wilcox, an advocate for consumer privacy, reflects on his long-standing efforts to maintain anonymity in an age of data…
Microsoft Confirms Source Code Access in SolarWinds Attack On Thursday, Microsoft disclosed that threat actors linked to the SolarWinds supply chain attack successfully accessed a limited number of internal accounts within the company. This unauthorized access allowed these sophisticated, nation-state actors to escalate their reach inside Microsoft’s internal network, although…
Barts Health NHS Trust has confirmed a significant data breach attributable to the Cl0p ransomware group, which exploited a vulnerability within Oracle E-Business Suite to access files from one of its invoice databases. This breach has led to the exposure of sensitive information related to payments for medical treatment and…
