Organizations are scrambling to respond to an active and targeted exploitation of an ongoing vulnerability in Citrix NetScaler ADC and NetScaler Gateway, which can expose users to session hijacking and other threat activity. The Cybersecurity and Infrastructure Security Agency is asking organizations to apply the patch, hunt for malicious activity and report any positive findings back to the agency.
OpenAI has been addressing "periodic outages" due to DDoS attacks targeting its API and ChatGPT services within the last 24 hours. While the company didn't immediately provide any details on the root cause of these incidents, OpenAI confirmed earlier today that they're linked to ongoing distributed denial-of-service (DDoS) attacks. "We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack.
Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service (DDoS) attack in recent history. Sberbank is a majority state-owned banking and financial services company and the largest institute in Russia, holding about a third of all assets in the country. Following Russia's invasion of Ukraine, the bank faced international blockades and sanctions and was the target of west-aligned hacktivists multiple times.
Threat hunters at Mandiant are shining the spotlight on a pair of previously undocumented operational technology (OT) attacks last October by Russia's "Sandworm" hackers that caused an unplanned power outage and coincided with mass missile strikes on critical infrastructure across Ukraine. The attacks, which spanned several months and culminated in two disruptive events on October 10 and 12 last year, leveraged what Mandiant is describing as a "novel technique" for impacting industrial control systems (ICS) and OT.
The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and using legitimate system management tools to increase their permissions on the network. In a private industry notification, the agency says that third-party vendors and services are a common attack vector. Ransomware gangs continue to rely on third-party gaming vendors to breach casinos.
The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that are almost the exact replica of the software vendor being impersonated. For example, we have seen fake websites appearing like the real Webex, AnyDesk or KeePass home page. In a new campaign, we observed a threat actor copying a legitimate Windows news portal to distribute a malicious installer for the popular processor tool CPU-Z.
Organizations using SysAid IT service management software have been warned about a zero-day vulnerability that has been exploited by affiliates of a notorious ransomware operation. Exploitation of the zero-day, tracked as CVE-2023-47246, was apparently first observed by Microsoft's threat intelligence team, which rushed to notify SysAid about the vulnerability and the attacks. The vendor has determined that its SysAid on-premises software is impacted by the flaw.