Mandiant

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)

0-day, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, VPN /

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) 2025-01-09 at 14:23 By Zeljka Zorz The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the […]

React to this headline:

Loading spinner

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Read More »

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, Microsoft, News, VPN /

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) 2025-01-08 at 21:49 By Zeljka Zorz Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283 Both are stack-based buffer overflow

React to this headline:

Loading spinner

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Read More »

Defenders must adapt to shrinking exploitation timelines

0-day, Don't miss, exploit, Hot stuff, Mandiant, News, patching, report, vulnerability management /

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

React to this headline:

Loading spinner

Defenders must adapt to shrinking exploitation timelines Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

North Korea Hackers Linked to Breach of German Missile Manufacturer

APT43, Diehl Defence, Kimsuky, Mandiant, Nation-State, North Korea, phishing /

North Korea Hackers Linked to Breach of German Missile Manufacturer 2024-09-30 at 20:46 By Ryan Naraine The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition. The post North Korea Hackers Linked to Breach of German Missile Manufacturer appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

North Korea Hackers Linked to Breach of German Missile Manufacturer Read More »

Iranian APT Operating as Initial Access Provider to Networks in the Middle East

APT34, Iran, Mandiant, Nation-State, UNC1860 /

Iranian APT Operating as Initial Access Provider to Networks in the Middle East 2024-09-24 at 19:01 By Ionut Arghire Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East. The post Iranian APT Operating as Initial Access Provider to Networks in the Middle East appeared first

React to this headline:

Loading spinner

Iranian APT Operating as Initial Access Provider to Networks in the Middle East Read More »

Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers

China, Fraud & Identity Theft, KnowBe4, Mandiant, Nation-State, North Korea, Russia, UNC5267 /

Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers 2024-09-23 at 20:31 By Ryan Naraine Mandiant shines the spotlight on the growing infiltration of US and Western companies by North Korean fake IT workers. The post Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers appeared first on SecurityWeek.

React to this headline:

Loading spinner

Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers Read More »

Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released

Autodesk, IBM, Industry news, Intel 471, Mandiant, Signify, Tidal Cyber, Trellix /

Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released 2024-08-05 at 15:46 By Industry News A partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its-kind

React to this headline:

Loading spinner

Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released Read More »

Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine

Andariel, APT45, Lazarus, Malware & Threats, Mandiant, Nation-State, North Korea, Ransomware /

Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine 2024-07-25 at 14:16 By Ryan Naraine A fresh Mandiant report documents North Korea’s APT45 as a distinct hacking team conducting cyberespionage and ransomware operations. The post Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine Read More »

Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns

APT41, China APT, Cyberwarfare, Malware & Threats, Mandiant, Nation-State, Winnti /

Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns 2024-07-18 at 22:01 By Ryan Naraine Chinese government-backed hacking team caught breaking into organizations in shipping, logistics and automotive sectors in Europe and Asia. The post Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns Read More »

YetiHunter: Open-source threat hunting tool for Snowflake environments

Don't miss, Hot stuff, Mandiant, News, open source, Permiso, Snowflake, threat detection, threat hunting /

YetiHunter: Open-source threat hunting tool for Snowflake environments 2024-06-14 at 13:31 By Zeljka Zorz Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. YetiHunter executing queries (Source: Permiso Security) Recent attacks against Snowflake customers Cloud-based data storage and

React to this headline:

Loading spinner

YetiHunter: Open-source threat hunting tool for Snowflake environments Read More »

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

0-day, Don't miss, Hot stuff, Kaspersky, Mandiant, Microsoft, News, Patch Tuesday, security update, SharePoint, Trend Micro, vulnerability /

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that

React to this headline:

Loading spinner

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

Accenture partners with Mandiant to improve cybersecurity operations

Accenture, Google Cloud, Industry news, Mandiant /

Accenture partners with Mandiant to improve cybersecurity operations 2024-05-08 at 10:46 By Industry News Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficiently detect, investigate, respond to and recover from cyberattacks. As part of the partnership, Accenture will utilize Mandiant Threat Intelligence, a

React to this headline:

Loading spinner

Accenture partners with Mandiant to improve cybersecurity operations Read More »

Google Debuts New Security Products, Hyping AI and Mandiant Expertise

Artificial Intelligence, cloud security, Gemini, generative AI, Incident Response, Mandiant, VirusTotal /

Google Debuts New Security Products, Hyping AI and Mandiant Expertise 2024-05-06 at 21:21 By Ryan Naraine Google rolls out new threat-intel and security operations products and looks to the magic of AI to tap into the booming cybersecurity market. The post Google Debuts New Security Products, Hyping AI and Mandiant Expertise appeared first on SecurityWeek.

React to this headline:

Loading spinner

Google Debuts New Security Products, Hyping AI and Mandiant Expertise Read More »

Global attacker median dwell time continues to fall

cybersecurity, Google Cloud, Mandiant, News, Ransomware, report, survey, threats /

Global attacker median dwell time continues to fall 2024-04-24 at 14:01 By Help Net Security While the use of zero-day exploits is on the rise, Mandiant’s M-Trends 2024 report reveals a significant improvement in global cybersecurity posture: the global median dwell time – the time attackers remain undetected within a target environment – has reached

React to this headline:

Loading spinner

Global attacker median dwell time continues to fall Read More »

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success

Mandiant, report, Threat Intelligence /

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success 2024-04-23 at 17:16 By Kevin Townsend Mandiant’s M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The

React to this headline:

Loading spinner

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity /

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Loading spinner

Zero-day exploitation surged in 2023, Google finds Read More »

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

Google TAG, Lockdown Mode, Malware & Threats, Mandiant, Nation-State, Vulnerabilities, Zero-Day /

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working 2024-03-27 at 17:01 By Ryan Naraine Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit

React to this headline:

Loading spinner

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Read More »

Scroll to Top