The US Cybersecurity and Infrastructure Security Agency (CISA) has added three Ivanti Endpoint Manager (EPM) vulnerabilities, CVE-2024-13159, CVE-2024-13160 and CVE-2024-13161, to its Known Exploited Vulnerabilities (KEV) Catalog, warning federal agencies and other organizations of active exploitation. The flaws stem from absolute path traversal weaknesses that allow remote, unauthenticated attackers to fully compromise vulnerable Ivanti EPM servers. The vulnerabilities were reported to Ivanti in October 2024 by Horizon3.ai researcher Zach Hanley and patched on 13 January 2025. However, just over a month later, Horizon3.ai released proof-of-concept (PoC) exploits demonstrating how these vulnerabilities could be used in relay attacks to coerce Ivanti…
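The teaser names the bug class (absolute path traversal) without showing why it is distinct from the familiar `../` form. The following is an added illustration written for this page, not Ivanti's code and not derived from the Horizon3.ai PoCs; it assumes nothing about EPM internals. The base directories and attacker-controlled paths are constructed examples. It shows the naive join pattern that silently discards the trusted base when the supplied path is absolute or, on Windows, a UNC share (the shape that lends itself to credential coercion), next to a containment check that rejects both.

```python
import ntpath
import posixpath

# Added example for this page, not Ivanti's code. Sample base directories and
# user-supplied paths throughout are constructed, not taken from any product.
FLAVOURS = {"posix": posixpath, "nt": ntpath}


def join_naive(base, user_path, os_name="posix"):
    """Vulnerable pattern: join a trusted base with an attacker-controlled path.

    Both os.path.join implementations discard `base` entirely when `user_path`
    is absolute (or, on Windows, a UNC path such as \\\\host\\share), so this
    "traversal" needs no '..' components at all.
    """
    p = FLAVOURS[os_name]
    return p.normpath(p.join(base, user_path))


def join_contained(base, user_path, os_name="posix"):
    """Hardened pattern: reject rooted paths up front, then prove containment.

    Raises ValueError for absolute paths, drive- or UNC-qualified paths, and
    any path that normalises to something outside `base`.
    """
    p = FLAVOURS[os_name]
    if not user_path or user_path[:1] in ("/", "\\"):
        raise ValueError("rooted path rejected: %r" % user_path)
    if p.isabs(user_path) or p.splitdrive(user_path)[0]:
        raise ValueError("absolute, drive or UNC path rejected: %r" % user_path)

    base_norm = p.normpath(base)
    candidate = p.normpath(p.join(base_norm, user_path))

    # Compare against base plus a trailing separator so that a sibling such as
    # /var/app/uploads2 is not mistaken for a child of /var/app/uploads.
    cand_cmp = p.normcase(candidate)
    base_cmp = p.normcase(base_norm)
    inside = cand_cmp == base_cmp or cand_cmp.startswith(base_cmp + p.sep)
    if not inside:
        raise ValueError("path escapes base directory: %r" % user_path)
    return candidate


if __name__ == "__main__":
    # Constructed inputs: a Linux upload directory and a Windows one.
    print(join_naive("/var/app/uploads", "/etc/passwd"))                 # base silently dropped
    print(join_naive("C:\\ProgramData\\App\\uploads",
                     "\\\\attacker\\share\\x", "nt"))                   # UNC path wins outright
    print(join_contained("/var/app/uploads", "reports/2025/q1.pdf"))    # allowed
    for bad in ("/etc/passwd", "../../../etc/passwd", "../uploads2/x"):
        try:
            join_contained("/var/app/uploads", bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The second check matters on Windows: a bare UNC string never contains `..`, so a filter that only strips dot-segments passes it straight through, and any code that then opens the path makes the server authenticate to the attacker's host.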
Kirsten Doyle
Arctic Wolf has warned the industry about an ongoing malicious campaign targeting FortiGate firewall devices whose management interfaces are exposed to the public internet. According to the company, attackers have been actively exploiting these interfaces since early December last year. While the full extent of the campaign is still being investigated, organizations using these products should review and tighten their security practices immediately. Firewall management interfaces are a known target for attackers seeking initial access to corporate networks, and such intrusions often lead to ransomware and other malicious activity. Arctic Wolf stressed that similar attack…
The latest Global Threat Index from Check Point Software Technologies has revealed a sharp rise in AsyncRAT attacks, pushing this stealthy remote access Trojan (RAT) into the top four most prevalent malware strains worldwide. This is a concerning trend: malicious actors are increasingly abusing trusted platforms to slip through security controls and gain a foothold in corporate networks. A Growing Global Menace According to researchers, AsyncRAT is being deployed in sophisticated phishing campaigns, often hidden behind Dropbox and TryCloudflare links to bypass conventional security solutions. Once a user clicks, a multi-stage infection chain unfolds, involving LNK, JavaScript, and…
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since 2022. This new version of XCSSET features stronger obfuscation methods, updated techniques to maintain persistence on infected machines, and new ways of infecting systems. These improvements help the malware steal and exfiltrate files, as well as sensitive system and user information, including digital wallet data and personal notes. XCSSET is designed to infect Xcode projects and executes when a developer…
In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be coaxed into generating malware, including keyloggers and ransomware, despite initially refusing to do so. Unlike proprietary models such as GPT-4 or Claude, DeepSeek is released under an open licence with downloadable weights, so anyone can obtain and run it for free. It is trained on large datasets that include code, which makes it a capable, and potentially dangerous, code generator. From Guardrails to Jailbreaks Mainstream GenAI platforms like ChatGPT and Gemini also have well-documented protections against malicious use. Reports like OpenAI’s “Disrupting malicious uses of AI…
OpenAI has officially called on US lawmakers to exempt it from complying with state-level AI regulations, instead urging a unified approach under federal AI rules. It argues that a consistent, nationwide framework is critical to maintain US leadership in AI development and deployment. In a newly released policy proposal, the company outlines what it calls a “freedom-focused” strategy, emphasizing that only a national approach will allow American innovation to flourish without being slowed by fragmented, state-specific requirements. Key Elements of OpenAI’s Policy Proposal: Shaping the Future Regulatory Landscape If these proposals are adopted, they could shape the future regulatory landscape.…
Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese advanced persistent threat (APT) group for over 300 days. The attack targeted Littleton Electric Light and Water Departments (LELWD), which serves the towns of Littleton and Boxborough. According to a Dragos case study, the APT group, known as Volt Typhoon, had been inside LELWD’s network since February 2023 but was only discovered in November 2023, just before Thanksgiving. Volt Typhoon, a group linked to the Chinese government, was first publicly identified by Microsoft in May 2023. Since then, the…
The NHS is investigating claims made by a whistleblower regarding a security flaw at Medefer, an online healthcare provider working with the NHS. The whistleblower alleged that a flaw in the company’s application programming interface (API) exposed NHS patient data. Medefer, however, has denied the claims and insists that the vulnerability has been addressed. When a patient is referred to Medefer for an online appointment, the company receives patient data from the NHS’s e-referral system (e-RS) or the NHS Spine, which is then made available to medical professionals for consultations. The whistleblower, a software testing contractor, claimed that in November…
In a joint advisory, US federal agencies have issued a cybersecurity warning about a sharp increase in attacks by Medusa ransomware, urging business leaders and IT teams to act immediately to protect their organizations. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released the advisory as part of the national #StopRansomware initiative, which focuses on helping entities defend against ransomware threats. The Impact on Critical Infrastructure and Business Operations Medusa ransomware is a Ransomware-as-a-Service (RaaS) operation first detected in 2021. Since then, Medusa has been used to…
Google’s Threat Analysis Group (TAG) and Mandiant have uncovered a sophisticated espionage campaign linked to China-nexus threat actors, targeting vulnerable Juniper routers used in enterprise and government networks worldwide. This discovery highlights the ongoing risk posed by state-sponsored attacks against aging network infrastructure. The attackers homed in on end-of-life and unpatched Juniper routers, exploiting known vulnerabilities to gain a foothold in networks. Many of these devices remain in active use despite no longer receiving security updates, making them attractive targets. After exploiting the routers, the actors behind the campaign deployed custom-built malware frameworks to maintain persistent access—tools that allowed them…
