MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is…
Trend Micro launches AI-driven cyber risk management capabilities
Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One. This seamlessly integrates more than 10 industry technology categories into one offering, empowering security, cloud and IT operations teams to manage risk proactively. The…
Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor
By Deeba Ahmed IT professionals are under attack! This article exposes a malicious malvertising campaign targeting IT teams with a novel backdoor named MadMxShell. Learn how attackers use typosquatting and DNS techniques to compromise systems. This is a post from…
Windows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like Abilities
A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges. Dubbed “MagicDot,” this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating system. Here, we delve into the technical…
VMware ESXi Shell Service Exploit on Hacking Forums: Patch Now
A new exploit targeting VMware ESXi Shell Service has been discovered and is circulating on various hacking forums. This vulnerability poses a significant risk to organizations using VMware for their virtual environments, potentially allowing unauthorized access and control over virtual…
UK Cyber Agency NCSC Announces Richard Horne as its Next Chief Executive
The hire marks another coup for the British public sector in poaching talent from the technology industry, particularly at the executive level, following the recruitment of Ollie Whitehouse as the NCSC’s chief technology officer earlier this year. This article has…
Ukrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency Warns
The agency is attributing the surge to a group tracked as UAC-0184, which was spotted in February targeting an unnamed Ukrainian entity in Finland. CERT-UA does not attribute UAC-0184’s activity to any specific foreign cyber threat group. This article has…
Billions of scraped Discord messages up for sale
An internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles. This article has been indexed from Malwarebytes Read the original article: Billions of scraped Discord messages up for sale