Recent reports indicate that two individuals believed to be associated with China’s notorious Salt Typhoon hacking group may have previously undergone training at Cisco’s renowned networking academy. This development comes amidst growing concerns among U.S. lawmakers that expanded wiretap powers are inadequately protecting citizens’ data, allowing intelligence agencies broader access…
Cisco Addresses Critical Security Vulnerability in Unified Communications Products Cisco has recently issued important patches to mitigate a serious security vulnerability affecting multiple products within its Unified Communications and Contact Center Solutions range. This flaw, identified as CVE-2024-20253, is rated critically high with a CVSS score of 9.9. It poses…
Recent investigations into the possible links between two individuals associated with recent cyber incidents have revealed noteworthy findings. Cary, a researcher, examined two databases of Chinese names and collaborated with Yi Fuxian, a professor of Chinese demography at the University of Wisconsin–Madison. He found that the name Qiu Daibing (邱代兵)…
The investigation into the SolarWinds supply chain attack continues to reveal significant findings, including the emergence of a new malware strain. Recent digital forensic analysis suggests that a different group of threat actors may be exploiting SolarWinds’ Orion software to deploy a similar persistent backdoor on compromised systems. According to…
Citrix has issued an urgent warning to its clientele regarding a pressing security breach affecting its NetScaler application delivery controller (ADC) devices. The vulnerability is being exploited by malicious actors to orchestrate amplified distributed denial-of-service (DDoS) assaults against various targets across the globe. The company stated that attackers, potentially including…
Fortinet has recently uncovered a significant security vulnerability in its FortiOS SSL VPN, identified as CVE-2024-21762, which is currently believed to be actively exploited in the wild. This flaw, with a CVSS score of 9.6, poses a serious risk by enabling the execution of arbitrary code and commands by outside…
Microsoft Confirms Source Code Access in SolarWinds Attack On Thursday, Microsoft disclosed that threat actors linked to the SolarWinds supply chain attack successfully accessed a limited number of internal accounts within the company. This unauthorized access allowed these sophisticated, nation-state actors to escalate their reach inside Microsoft’s internal network, although…
In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched security vulnerability affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software in its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to indications that the flaw is being actively exploited in…
