SecurityWeek

Two individuals involved in hacking the taxi dispatch system at JFK airport have been sentenced to prison. 

Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.

February 2024 ICS Patch Tuesday: Siemens and Schneider Electric release a total of 18 new security advisories.

Because you can’t secure what you can’t see, having real-time asset visibility across the network is vital to maximizing security, minimizing risk, and protecting the enterprise.

Romanian hospitals turn to pen and paper after ransomware attack on centralized healthcare management system.

CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog.

A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks.

An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts.

ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed.

A possibly China-linked threat actor uses a custom backdoor in a cyberespionage campaign ongoing since at least 2021.

Bugcrowd has raised $102 million in strategic growth funding, which it will use to accelerate growth and improve its platform.

Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.

Warzone RAT dismantled in international law enforcement operation that also involved arrests of suspects in Malta and Nigeria.

Data security firm Cohesity will buy Veritas’ data protection business, creating a data security and management giant valued at roughly $7 billion.

U.N. experts are investigating 58 suspected North Korean cyberattacks valued at approximately $3 billion, with the money reportedly being used fund development of weapons of mass destruction.

A congressional investigation finds that US venture capital firms invested billions in Chinese technology companies in semiconductor, AI and cybersecurity, sectors that are a threat to national security.

Noteworthy stories that might have slipped under the radar: $350 million Google+ data leak settlement, AI used for fraud, 2023 cybersecurity funding report. 

Written in Rust, the new RustDoor macOS backdoor appears linked to Black Basta and Alphv/BlackCat ransomware.

An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources.

AnyDesk has provided more information on the recent hack, including when the attack started and its impact.