API security

Archive

NaN

10. Internet of Things Platform

Network Security

US defense industry subjected to attacks exploiting Ivanti vulnerabilities

SC StaffMarch 4, 2024

U.S. defense industry were noted by the National Security Agency to have been targeted by intrusions leveraging vulnerabilities impacting Ivanti Connect Secure VPN appliances.

Log management

Novel malware enables C2 communications by exploiting GTP

SC StaffMarch 1, 2024

A newly discovered Linux malware dubbed GTPDOOR can establish command-and-control communications in compromised devices by leveraging the GPRS Tunnelling Protocol,

Firewalls, Routers

CISA warns of root persistence in hacked Ivanti devices

SC StaffMarch 1, 2024

CISA urged enterprises to weigh the risks of continued use of previously compromised Ivanti VPN appliances.

GitHub symbol

GitHub battles massive attack of malware repos

SC StaffFebruary 29, 2024

GitHub is having difficulty stopping an ongoing attack impacting millions of code repositories.

Microsoft fixes six critical bugs on Patch Tuesday

Lazarus Group exploits Dell driver to bypass Windows security

SC StaffFebruary 29, 2024

North Korean threat actor organization the Lazarus Group used a zero-day vulnerability in the Windows AppLocker driver,

close up on man hand type password on keyboard computer desktop to access VPN mode

Chinese threat actors continue exploiting Ivanti VPN flaws using new malware

SC StaffFebruary 29, 2024

Ivanti addressed the flaws on Jan. 31 and patched a fifth vulnerability in its enterprise VPN and network access products roughly a week later.

Millions of WordPress sites vulnerable to compromise due to plugin bug

SC StaffFebruary 28, 2024

Five million WordPress sites could be compromised due to an unauthenticated site-wide cross-site scripting flaw in the LiteSpeed Cache plugin.