Two zero-day vulnerabilities in Ivanti products that were disclosed in January (and patched weeks later) have turned out to be the source of a breach of MITRE, the US government-funded cybersecurity research center. China's nation-state hackers are suspected to be behind the attack given similarities in exploiting these same vulnerabilities in other incidents, but this is not confirmed as of yet.
A dozen Norwegian government ministries suffered a cyber attack exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the Norwegian National Security Authority (NSM) has disclosed.
File transfer services play crucial roles in securing business and government operations, but companies must be aware of the inherent risks and adopt mitigations to safeguard against those risks.
A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Google researchers present markers found in its code including a script that is signed by the company.
Nation-state attacks on critical infrastructure and cyberespionage, and password attacks from ordinary cybercriminals, increased tremendously within a year, according to a Microsoft report.
Microsoft Exchange zero-day vulnerabilities affect an estimated 250,000 on-premises servers. The company is aware of attacks involving a single state-sponsored group that compromised fewer than ten organizations.
The patch comes as attempts to exploit the zero-day vulnerability began to ramp up worldwide, and was badly needed as there were no other viable remediation techniques to stop remote code execution.
New studies from FireEye Mandiant Threat Intelligence and Google’s Project Zero found that 2021 was a record year for zero-day vulnerabilities, more than doubling the number seen in 2020.
Many organizations were affected by Log4j’s zero-day vulnerability, and mass internet scanning was detected, suggesting the remote code execution flaw was actively targeted in the wild.