The investigation into the SolarWinds supply chain attack continues to reveal significant findings, including the emergence of a new malware strain. Recent digital forensic analysis suggests that a different group of threat actors may be exploiting SolarWinds’ Orion software to deploy a similar persistent backdoor on compromised systems. According to…
Citrix has issued an urgent warning to its clientele regarding a pressing security breach affecting its NetScaler application delivery controller (ADC) devices. The vulnerability is being exploited by malicious actors to orchestrate amplified distributed denial-of-service (DDoS) assaults against various targets across the globe. The company stated that attackers, potentially including…
Fortinet has recently uncovered a significant security vulnerability in its FortiOS SSL VPN, identified as CVE-2024-21762, which is currently believed to be actively exploited in the wild. This flaw, with a CVSS score of 9.6, poses a serious risk by enabling the execution of arbitrary code and commands by outside…
Microsoft Confirms Source Code Access in SolarWinds Attack On Thursday, Microsoft disclosed that threat actors linked to the SolarWinds supply chain attack successfully accessed a limited number of internal accounts within the company. This unauthorized access allowed these sophisticated, nation-state actors to escalate their reach inside Microsoft’s internal network, although…
In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched security vulnerability affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software in its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to indications that the flaw is being actively exploited in…
In 2020, enterprises faced unprecedented IT challenges as they rapidly transitioned to remote work and embraced automation technologies. As the year drew to a close, companies began to reassess their cybersecurity infrastructures in an effort to prepare for a return to normalcy in 2021. However, the revelation of a significant…
Cisco Addresses Critical Security Flaw in Secure Client Software Cisco has recently issued patches to rectify a significant vulnerability in its Secure Client software, which poses a considerable risk of exploitation by malicious actors. This flaw allows intruders to initiate a VPN session impersonating a targeted user, potentially compromising sensitive…
The surge of online activities during the COVID-19 pandemic has created unprecedented opportunities for cybercriminals, enabling them to exploit an expanded pool of potential victims. As businesses, educational institutions, and individuals migrated online, they became increasingly vulnerable to an array of cyberattacks, including “zoombombing,” where unauthorized individuals disrupted Zoom meetings…
