Data Breaches Microsoft Says Russian Gov Hackers Stole Email Data From Senior Execs A Russian government-backed hacking team broke into Microsoft’s corporate network and stole emails and attachments from senior executives. Ryan NaraineJanuary 19, 2024
Vulnerabilities VMware vCenter Server Vulnerability Exploited in Wild VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. Eduard KovacsJanuary 19, 2024
Vulnerabilities Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances Out-of-date Confluence Data Center and Server instances are haunted by a critical vulnerability leading to remote code execution. Ionut ArghireJanuary 17, 2024
Vulnerabilities Google Warns of Chrome Browser Zero-Day Being Exploited The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. Ryan NaraineJanuary 16, 2024
Hacker Conversations Hacker Conversations: HD Moore and the Line Between Black and White SecurityWeek talked to HD Moore, best known as the founder and original developer of Metasploit. Kevin TownsendJanuary 16, 2024
Malware & Threats Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. Eduard KovacsJanuary 16, 2024
Application Security New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. Ionut ArghireJanuary 12, 2024
Cybercrime Mandiant Details How Its X Account Was Hacked Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k. Eduard KovacsJanuary 11, 2024
Nation-State Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22. Ryan NaraineJanuary 10, 2024
Cyberwarfare Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop. Eduard KovacsJanuary 10, 2024
ICS/OT Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage. Eduard KovacsJanuary 9, 2024
Cybersecurity Funding Cybersecurity Funding Dropped 40% in 2023: Analysis The volume of cybersecurity transactions increased in 2023 compared to 2022, but the total amount of funding decreased significantly. Eduard KovacsJanuary 9, 2024