IT Security Newsletter

IT Security Newsletter - 1/14/2025

Written by Cadre | Tue, Jan 14, 2025

Ivanti zero-day has researchers scrambling

Threat hunters are scrambling to determine the scope of damage and potential impact from a critical zero-day vulnerability that impacts a trio of Ivanti products, including Ivanti Connect Secure VPN appliances. Shadowserver scans identified more than 900 unpatched Ivanti Connect Secure instances on Sunday and said the devices are likely vulnerable to exploitation. The number of unpatched and vulnerable instances found by Shadowserver scans is down from more than 2,000 on Thursday. READ MORE...

OneBlood confirms personal data stolen in July ransomware attack

Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer. OneBlood first notified the public about the attack on July 31, 2024, noting that ransomware actors had encrypted its virtual machines, forcing the healthcare organization to fall back to using manual processes. OneBlood is a supplier of blood to over 250 hospitals across the United States, and the attack led to 'critical blood shortage' protocols. READ MORE...

Fancy Bear spotted using real Kazakh government documents in spearphishing campaign

A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia. The files, laced with malware, include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents attributed to the Kazakhstan government between 2021 and 2024. READ MORE...

Attackers are encrypting AWS S3 data without using ransomware

A ransomware gang dubbed Codefinger is encrypting data stored in target organizations' AWS S3 buckets with AWS's server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the data beforehand, but mark the encrypted files for deletion within seven days, thus adding more pressure on organizations to pay the ransom. READ MORE...
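As an added example (not from the article or from any Codefinger reporting), a small Python detector that flags the two moves the summary describes in constructed CloudTrail-style records: object writes carrying the SSE-C algorithm header, and lifecycle rules that expire objects within seven days. The record field names (eventName, requestParameters, the x-amz-server-side-encryption-customer-algorithm key and the PutBucketLifecycle event name) are assumptions about CloudTrail's S3 event format, and the log lines are constructed.

```python
import json

SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
MAX_EXPIRATION_DAYS = 7  # an expiry this short, set by a new rule, deserves a look

def _who(event: dict) -> str:
    return event.get("userIdentity", {}).get("arn", "unknown")

def _min_expiration_days(cfg: dict):
    """Smallest Expiration.Days across the lifecycle rules, or None if none expire."""
    rules = cfg.get("Rule", [])
    if isinstance(rules, dict):  # a single rule may be serialised as one object
        rules = [rules]
    days = [int(r["Expiration"]["Days"]) for r in rules if "Days" in r.get("Expiration", {})]
    return min(days) if days else None

def classify_event(event: dict):
    """Return a finding string for one CloudTrail-style record, or None if it looks benign."""
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}
    # SSE-C: the caller supplied the key, so nothing inside AWS can decrypt the object later
    if name in ("PutObject", "CopyObject") and params.get(SSEC_HEADER):
        return f"SSE-C write by {_who(event)} to {params.get('bucketName')}/{params.get('key')}"
    # A short expiration rule is how the seven-day deletion deadline in the summary would be set
    if name == "PutBucketLifecycle":
        days = _min_expiration_days(params.get("LifecycleConfiguration") or {})
        if days is not None and days <= MAX_EXPIRATION_DAYS:
            return f"{days}-day expiration set by {_who(event)} on {params.get('bucketName')}"
    return None

def scan(log_lines):
    """Run classify_event over newline-delimited JSON records and keep the hits."""
    findings = (classify_event(json.loads(line)) for line in log_lines if line.strip())
    return [f for f in findings if f]

# Constructed sample records; field names are assumptions, not captured CloudTrail output
SAMPLE_LOG = [
    '{"eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/app"},'
    '"requestParameters":{"bucketName":"backups","key":"db.sql","x-amz-server-side-encryption":"AES256"}}',
    '{"eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},'
    '"requestParameters":{"bucketName":"backups","key":"db.sql",'
    '"x-amz-server-side-encryption-customer-algorithm":"AES256"}}',
    '{"eventName":"PutBucketLifecycle","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},'
    '"requestParameters":{"bucketName":"backups","LifecycleConfiguration":'
    '{"Rule":{"Status":"Enabled","Expiration":{"Days":7}}}}}',
]

for finding in scan(SAMPLE_LOG):
    print("ALERT:", finding)
```

The benign SSE-S3 upload in the first record produces no alert; the SSE-C write and the seven-day expiration rule each do.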

SAP Patches Critical Vulnerabilities in NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 14 new security notes as part of its January 2025 Patch Day. The most important of the notes are marked 'hot news' (the highest SAP severity rating) and address two critical vulnerabilities in NetWeaver AS for ABAP and ABAP Platform, both with a CVSS score of 9.9. Tracked as CVE-2025-0070, the first of the security defects is described as an improper authentication bug. READ MORE...

Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans

Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans' cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't give consumers notice or get their consent, which violates Texas' new Data Privacy and Security Act. READ MORE...

Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they've observed the intrusions. The team reports that the networking gear maker has yet to link the malicious activity to a specific flaw, assign a CVE, or patch a related hole. READ MORE...

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks

The US cybersecurity agency CISA is urging federal agencies to patch a second vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, based on evidence of active exploitation. Tracked as CVE-2024-12686, the flaw is a medium-severity command injection issue that was discovered during BeyondTrust's investigation into the compromise of a limited number of customer RS SaaS instances, including one associated with the US Department of Treasury. READ MORE...

  • ...in 1784, the Continental Congress ratifies the Second Treaty of Paris, ending the Revolutionary War.
  • ...in 1952, NBC's "Today" debuts with host Dave Garroway.
  • ...in 1969, musician Dave Grohl (Nirvana, Foo Fighters) is born in Warren, OH.
  • ...in 1973, Elvis Presley's "Aloha from Hawaii" concert is broadcast live via satellite. It still holds the record as the most-watched TV broadcast by a single entertainer.