Recent Exploitation of Vulnerability in SolarWinds Serv-U Software Poses Risk to Sensitive Data A significant high-severity vulnerability affecting SolarWinds Serv-U file transfer software has recently emerged, drawing the attention of cybersecurity experts and malicious actors alike. The flaw, identified as CVE-2024-28995, boasts a CVSS score of 8.6 and relates to…
A recent cybersecurity alert has revealed that the Iranian state-sponsored hacking group known as MuddyWater has deployed a newly identified command-and-control framework named MuddyC2Go, targeting the telecommunications sectors in Egypt, Sudan, and Tanzania. Detectives at Broadcom’s Symantec Threat Hunter Team are monitoring this group under the designation Seedworm, but they…
In a troubling development for cybersecurity, Fortinet, in collaboration with Mandiant, has uncovered a widespread exploitation of FortiManager devices linked to CVE-2024-47575. This vulnerability has compromised over 50 systems across various sectors, with the threat group known as UNC5820 leveraging the flaw to facilitate data theft and unauthorized access. The…
A recent cyber attack has targeted ZicroDATA, a technology service provider, leading to the unauthorized exposure of sensitive data related to Australian visa holders. The breach has compromised a range of information, including personal identifiers such as full names, phone numbers, dates of birth, driving license information, passport numbers, and…
The landscape of cyber threats is evolving significantly as the 2024 U.S. Election approaches, prompting urgent discussions among cybersecurity experts. Recent events spotlight concerns surrounding cyberwarfare and nation-state attacks, fraud management and cybercrime, and the vital role of government measures in mitigating these risks. Assessing the Risks of Cyberthreats and…
The Growing Importance of Penetration Testing Checklists In the face of an increasingly complex threat landscape, the role of penetration testing (pentesting) checklists has never been more crucial for organizations aiming to safeguard their assets. As cyber attackers become more sophisticated, the attack surface—encompassing both internal and external vulnerabilities—continues to…
An Indian court has ordered Star Health and Allied Insurance Company to disclose details concerning a recent data leak that enabled the creation of unauthorized chatbots on Telegram. This ruling aims to facilitate the removal of these chatbots, which have raised significant privacy and security concerns. The court seeks to…
Cyber EspionageLinked to Chinese State Actors Targets Taiwan’s Institutions A cyber espionage campaign, likely orchestrated by a China-linked state-sponsored threat actor, has been reported to target various sectors in Taiwan, including government, academia, technology, and diplomatic organizations, from November 2023 to April 2024. This operation, monitored by Recorded Future’s Insikt…
The Assembly of the Republic of Albania and leading telecommunications provider One Albania have recently become the targets of cyber attacks, according to a disclosure from the country’s National Authority for Electronic Certification and Cyber Security (AKCESK). The agency indicated that these entities are not currently classified under the legislation…
