Mar 09, 2024NewsroomCyber Attack / Threat Intelligence Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent weeks, we have seen […]
We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. What makes this strange is that this seems to be a common routine for the DarkSide, I mean BlackCat/ALPHV, ransomware operation which tends to […]
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. America’s Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) […]
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. While the last two require the attackers to be authenticated on […]
Following next month’s terrible BlackCat malware attack, which caused widespread disruption to the US healthcare system, Optum’s Change Healthcare has begun to restore systems to normal operation. The largest American health insurance company is United Health Group ( UGG), and its subsidiary, Optum Solutions, runs the Change Healthcare system. The US’s largest settlement exchange platform […]
According to Microsoft, the Soviet” Midnight Blizzard” hacking group recently used identification secrets stolen from a cyberattack in January to access some of its internal systems and resource code libraries. After launching a password-spy assault that gained access to a legacy non-production check tenant account in January, Microsoft revealed that Midnight Blizzard ( also known […]
Mar 08, 2024NewsroomInteroperability / Cryptography Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third- party messaging services as the Digital Markets Act ( DMA ) went into effect in the European Union. ” This allows customers of third- group providers who choose to allow interoperability ( interop […]
Mar 08, 2024The Hacker NewsSecrets Management / Access Control In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let’s dispense with […]
Mar 08, 2024NewsroomNetwork Security / Risk Cisco has released patches to handle a higher- intensity security flaw impacting its Secure Client software that could be exploited by a threat actor to start a VPN session with that of a qualified user. The networking equipment company described the vulnerability, tracked as CVE- 2024- 20337 ( CVSS […]
NewsroomEndpoint Security / Network Security / Mar 08, 2024 During a cyberattack aimed at an unknown “large business,” risk actors have been spotted using the QEMU open-source equipment emulator as tunneling software. The growth marks the second QEMU that has been employed for this purpose, despite the fact that adversaries have already used a number […]
DoD Cybersecurity protecting your digital world one secure step at a time with DoD Cybersecurity Blogs.
DoDCybersecurityblogs.com | All Rights Reserved | Designed by Omar Solomon