cyber security
-
Google security report reveals more than 60 0days used for commercial spyware
More than 60 zero-day vulnerabilities (0days) made public since 2016 are associated with commercial spyware vendors serving government agencies. The vulnerabilities affect products from a number of companies, including Apple, Adobe, Google, and others, and have been used in attacks that include targeting journalists and political dissidents. The report notes that a large number of the vulnerabilities were actively exploited in 2023.
-
Russian APT28 Hacking Group Exploits NTLM Security Vulnerability to Attack High-Value Targets Worldwide
The Russian APT28 hacking group carried out NTLMv2 hash relay attacks against high-value sectors such as diplomacy, energy, defense, and transportation across the globe. The group exploited vulnerabilities in software and devices including Cisco networking equipment, Microsoft Outlook and WinRAR to gain access and obtain data.
-
Remote desktop AnyDesk hacked, user data security at risk!
AnyDesk, the well-known remote desktop software, has been hacked and some of its data compromised. The company has taken steps to fix the vulnerability and is advising users to reset their passwords and download the latest version of the software.
-
Cloudflare suspected of being attacked by state-sponsored hacker group
Cloudflare has disclosed that it was the target of a suspected nation-state attack in which the attackers used stolen credentials to illegally access its Atlassian servers and ultimately accessed some documentation and a limited amount of source code.
-
GitLab Workspace Creation Arbitrary File Overwrite Vulnerability
GitLab has released a security patch to address a critical vulnerability in its workspace creation feature. The vulnerability allows authenticated users to write arbitrary files to GitLab servers, which could lead to data breaches, malware infections, or other security issues.
-
Malvertising on Google targets Chinese users with spoofed apps
Recently, a series of malicious advertisements targeting Chinese-speaking users appeared on Google platforms, enticing users to download fake communication applications, which were actually malware containing Remote Administration Trojans (RATs). These ads were found to link to fake websites hosted on Google Docs or Google Sites and spread through Google infrastructure.
-
Multiple High-Risk Security Vulnerabilities Found in Rapid SCADA Open Source Industrial Automation Platform
Rapid Software LLC's industrial automation platform, Rapid SCADA, has been found to be susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a bulletin detailing the potential vulnerabilities and urging immediate action.
-
Danish Energy Ministry Cyber Attack Not Linked to Sandworm Hacking Group
An investigation into cyberattacks in the energy sector has revealed that the attacks may not have been perpetrated by a state-sponsored organization, but were rather two waves of attacks that exploited vulnerabilities in unpatched Zyxel firewalls. The attacks were not limited to Denmark, but also included Europe and the United States.
-
Five years of security operations practice: summary and future thinking
The report emphasizes the need for security operations automation, pointing out that 80% of security operations can be automated, which not only saves a lot of manpower but also promotes the interconnection of security devices. Liu Yixiang looks at the future of operational intelligence, which will enable immediate adaptive handling of events and alarms, as well as adaptive remediation of vulnerabilities.
-
X (formerly Twitter) security team confirms theft of SEC account
The U.S. Securities and Exchange Commission's X (formerly Twitter) account was compromised after unidentified individuals took control of the cell phone number associated with the account. Approval for the Bitcoin ETF to be listed on all registered national stock exchanges was posted through the account, which did not have two-factor authentication enabled at the time of the theft. The X security team recommends that all users enable two-factor authentication to secure their accounts.