intelligence gathering
-
U.S. Air Force Adm. Timothy Howe Takes the Helm of NSA and Cyber Command
At a critical point in cybersecurity, the U.S. National Security Agency (NSA) and its Cyber Command (USCYBERCOM) welcome a new leader, Admiral Timothy D. Howe, who officially takes over on Friday, February 2, 2024....
-
Russian APT28 Hacking Group Exploits NTLM Security Vulnerability to Attack High-Value Targets Worldwide
The Russian APT28 hackers carried out NTLMv2 hash relay attacks, targeting high-value sectors such as diplomacy, energy, defense, and transportation across the globe. They exploited vulnerabilities in software including Cisco networking equipment, Microsoft Outlook and WinRAR to gain access and data.
-
Remote desktop AnyDesk hacked, user data security at risk!
AnyDesk, the well-known remote desktop software, has been hacked and some of its data compromised. The company has taken steps to fix the vulnerability and is advising users to reset their passwords and download the latest version of the software.
-
Cloudflare suspected of being attacked by state-sponsored hacker group
Cloudflare has disclosed that it was the target of a suspected state-sponsored attack in which attackers used stolen credentials to gain unauthorized access to its Atlassian servers and ultimately accessed some documentation and a limited amount of source code.
-
GitLab Workspace Creation Arbitrary File Overwrite Vulnerability
GitLab has released a security patch to address a critical vulnerability in its workspace creation feature. The vulnerability allows authenticated users to write arbitrary files to GitLab servers, which could lead to data breaches, malware infections, or other security issues.
-
Malvertising on Google targets Chinese users with spoofed apps
Recently, a series of malicious advertisements targeting Chinese-speaking users appeared on Google platforms, enticing users to download fake communication applications that were actually malware containing Remote Administration Trojans (RATs). These ads were found to link to fake websites hosted on Google Docs or Google Sites and to spread through Google infrastructure.
-
Multiple High-Risk Security Vulnerabilities Found in Rapid SCADA Open Source Industrial Automation Platform
Rapid Software LLC's industrial automation platform, Rapid SCADA, has been found to be susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a bulletin detailing the potential vulnerabilities and urging immediate action.
-
Danish Energy Ministry Cyber Attack Not Linked to Sandworm Hacking Group
An investigation into cyberattacks in the energy sector has revealed that the attacks may not have been perpetrated by a state-sponsored organization, but were rather two waves of attacks that exploited vulnerabilities in unpatched Zyxel firewalls. The attacks were not limited to Denmark, but also affected Europe and the United States.
-
Critical Remote Code Execution (RCE) Vulnerability Found in Juniper SRX Firewalls and EX Switches
Juniper Networks (NASDAQ: JUNIER) has issued a security advisory to fix a critical Remote Code Execution (RCE) vulnerability in the SRX Series Firewalls and EX Series Switches (CVE-2024-21591), as well as another high-risk vulnerability in Junos OS and Junos OS Evolved (CVE-2024-21611), which can also be exploited by unauthenticated network attackers to cause a denial of service.
-
GitLab Releases Security Patches to Fix High-Risk Vulnerabilities
GitLab has released a security update that fixes two critical vulnerabilities, one of which (CVE-2023-7028) allows an attacker to exploit a flaw in the email verification process to hijack a user account by having a password reset email sent to an unverified email address. The vulnerability affects multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab has released a fix and advises users to upgrade to the fixed version as soon as possible and enable two-factor authentication for added security.