Nation-State Cloudflare Hacked by Suspected State-Sponsored Threat Actor A nation-state threat actor accessed internal Cloudflare systems using credentials stolen during the Okta hack. Ionut ArghireFebruary 2, 2024
Cyberwarfare Watch: Top Cyber Officials Testify on China’s Cyber Threat to US Critical Infrastructure Video: Top US cyber officials testify on China’s cyber threat to U.S. national security and critical infrastrcuture. SecurityWeek NewsFebruary 1, 2024
Nation-State US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon The US government neutralizes a botnet full of end-of-life Cisco and Netgear routers being by a notorious Chinese APT group. Ryan NaraineJanuary 31, 2024
Nation-State Ivanti Struggling to Hit Zero-Day Patch Release Schedule Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship... Ryan NaraineJanuary 29, 2024
Malware & Threats Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware The China-linked cyberespionage group Blackwood has been caught delivering malware to entities in China and Japan. Ionut ArghireJanuary 26, 2024
Email Security HPE Says Russian Government Hackers Had Access to Emails for 6 Months HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months. Eduard KovacsJanuary 25, 2024
Nation-State Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. Ionut ArghireJanuary 22, 2024
Data Breaches Microsoft Says Russian Gov Hackers Stole Email Data From Senior Execs A Russian government-backed hacking team broke into Microsoft’s corporate network and stole emails and attachments from senior executives. Ryan NaraineJanuary 19, 2024
Malware & Threats Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks Microsoft says an APT with links to Iran’s military intelligence is impersonating a prominent journalist in clever spear-phishing attacks. Ryan NaraineJanuary 17, 2024
Nation-State Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22. Ryan NaraineJanuary 10, 2024
Nation-State Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet Malware hunters have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers and linked it to a Chinese APT targeting... Ryan NaraineDecember 13, 2023
Mobile & Wireless Apple Sets Trap to Catch iMessage Impersonators New iMessage Contact Key Verification feature in Apple's iOS and macOS platforms help catch impersonators on its iMessage service. Ryan NaraineDecember 12, 2023