Mandiant

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

0-day, Don't miss, Hot stuff, Kaspersky, Mandiant, Microsoft, News, Patch Tuesday, security update, SharePoint, Trend Micro, vulnerability /

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that […]

React to this headline:

Loading spinner

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

Accenture partners with Mandiant to improve cybersecurity operations

Accenture, Google Cloud, Industry news, Mandiant /

Accenture partners with Mandiant to improve cybersecurity operations 2024-05-08 at 10:46 By Industry News Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficiently detect, investigate, respond to and recover from cyberattacks. As part of the partnership, Accenture will utilize Mandiant Threat Intelligence, a

React to this headline:

Loading spinner

Accenture partners with Mandiant to improve cybersecurity operations Read More »

Google Debuts New Security Products, Hyping AI and Mandiant Expertise

Artificial Intelligence, cloud security, Gemini, generative AI, Incident Response, Mandiant, VirusTotal /

Google Debuts New Security Products, Hyping AI and Mandiant Expertise 2024-05-06 at 21:21 By Ryan Naraine Google rolls out new threat-intel and security operations products and looks to the magic of AI to tap into the booming cybersecurity market. The post Google Debuts New Security Products, Hyping AI and Mandiant Expertise appeared first on SecurityWeek.

React to this headline:

Loading spinner

Google Debuts New Security Products, Hyping AI and Mandiant Expertise Read More »

Global attacker median dwell time continues to fall

cybersecurity, Google Cloud, Mandiant, News, Ransomware, report, survey, threats /

Global attacker median dwell time continues to fall 2024-04-24 at 14:01 By Help Net Security While the use of zero-day exploits is on the rise, Mandiant’s M-Trends 2024 report reveals a significant improvement in global cybersecurity posture: the global median dwell time – the time attackers remain undetected within a target environment – has reached

React to this headline:

Loading spinner

Global attacker median dwell time continues to fall Read More »

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success

Mandiant, report, Threat Intelligence /

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success 2024-04-23 at 17:16 By Kevin Townsend Mandiant’s M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The

React to this headline:

Loading spinner

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity /

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Loading spinner

Zero-day exploitation surged in 2023, Google finds Read More »

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

Google TAG, Lockdown Mode, Malware & Threats, Mandiant, Nation-State, Vulnerabilities, Zero-Day /

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working 2024-03-27 at 17:01 By Ryan Naraine Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit

React to this headline:

Loading spinner

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Read More »

APT29 hit German political parties with bogus invites and malware

Don't miss, Germany, Hot stuff, Malware, Mandiant, News, phishing, Russian Federation, Zscaler /

APT29 hit German political parties with bogus invites and malware 2024-03-25 at 11:46 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations

React to this headline:

Loading spinner

APT29 hit German political parties with bogus invites and malware Read More »

Russian APT29 Hackers Caught Targeting German Political Parties 

APT29, Cozy Bear, Cyberwarfare, Mandiant, Nation-State, Nobelium /

Russian APT29 Hackers Caught Targeting German Political Parties  2024-03-22 at 18:47 By Ryan Naraine Russia’s APT29 hacking group is expanding targets to political parties in Germany using a new backdoor variant tracked as Wineloader. The post Russian APT29 Hackers Caught Targeting German Political Parties  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Russian APT29 Hackers Caught Targeting German Political Parties  Read More »

Photos: BSidesZagreb 2024

BSidesZG, conferences, cybersecurity, EU, Europe, GitGuardian, Mandiant, News /

Photos: BSidesZagreb 2024 2024-03-04 at 05:46 By Mirko Zorz BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate. Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos from the event. Bojan Ždrnja, CTO

React to this headline:

Loading spinner

Photos: BSidesZagreb 2024 Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

Loading spinner

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

Threat actor used Vimeo, Ars Technica to serve second-stage malware

cybercrime, Don't miss, EU, Hot stuff, Malware, Mandiant, News, theft, USB devices /

Threat actor used Vimeo, Ars Technica to serve second-stage malware 2024-02-01 at 12:31 By Zeljka Zorz A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware. Another interesting detail about UNC4990 it’s

React to this headline:

Loading spinner

Threat actor used Vimeo, Ars Technica to serve second-stage malware Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Mandiant Details How Its X Account Was Hacked

Cryptocurrency, cybercrime, Featured, Mandiant /

Mandiant Details How Its X Account Was Hacked 2024-01-11 at 14:32 By Eduard Kovacs Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k. The post Mandiant Details How Its X Account Was Hacked appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Mandiant Details How Its X Account Was Hacked Read More »

10 corporate cybersecurity blogs worth your time

Akamai, AT&T Cybersecurity, AWS, Cloudflare, cybersecurity, Don't miss, Dropbox, ESET, GitHub, Google Cloud, Hot stuff, IBM, Intel, Mandiant, News, Sophos /

10 corporate cybersecurity blogs worth your time 14/11/2023 at 09:02 By Help Net Security In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have infosec

React to this headline:

Loading spinner

10 corporate cybersecurity blogs worth your time Read More »

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation /

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of

React to this headline:

Loading spinner

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

SnapAttack extends collaboration with Mandiant to optimize threat detection for organizations

Google Cloud, Industry news, Mandiant, SnapAttack /

SnapAttack extends collaboration with Mandiant to optimize threat detection for organizations 09/11/2023 at 15:01 By Industry News SnapAttack announced an expanded partnership with Mandiant, part of Google Cloud, to extend operationalized threat intelligence to organizations of all sizes. Building on its current API integrations, the new endeavor will bring Mandiant’s threat intelligence to customers directly

React to this headline:

Loading spinner

SnapAttack extends collaboration with Mandiant to optimize threat detection for organizations Read More »

Scroll to Top