enterprise
Attackers use fallback ransomware if LockBit gets blocked
Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec’s threat researchers, some affiliates …
MetaStealer malware is targeting enterprise macOS users
Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within …
How Chinese hackers got their hands on Microsoft’s token signing key
The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 …
Cisco VPNs with no MFA enabled hit by ransomware groups
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. …
Customizing LLMs for domain-specific tasks
The expansion of large language models (LLMs) in recent times has brought about a revolutionary change in machine learning processes and has introduced fresh perspectives on …
Google Workspace: New account security, DLP capabilities announced
New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of …
Bogus OfficeNote app delivers XLoader macOS malware
A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample …
Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to …
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden …
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …
Attackers can turn AWS SSM agents into remote access trojans
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual …
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …