Ivanti Connect Secure hackers hide in plain sight, evading protections

Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool.

By David Jones • Updated March 1, 2024

ConnectWise ScreenConnect faces new attacks involving LockBit ransomware

A variety of hackers are working to exploit a critical vulnerability in the remote desktop application.

By David Jones • Feb. 23, 2024

ConnectWise ScreenConnect under active exploitation due to critical flaws

Security researchers are urging users to immediately patch their systems after the company warned of an authentication bypass vulnerability that is considered trivial to exploit.

By David Jones • Feb. 22, 2024

Biden administration issues executive order on port cybersecurity

The order will transfer crane manufacturing back to the U.S., amid concerns about potential cyber risk to port facilities, maritime transportation and threats from China.

By David Jones • Feb. 21, 2024

FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

By David Jones • Feb. 16, 2024

Ivanti Connect Secure threat activity continues as researchers flag additional flaws

The company revised a recent vulnerability disclosure after failing to credit security firm watchTowr.

By David Jones • Feb. 12, 2024

Attackers hit more networking gear, this time a critical Fortinet CVE

The active exploits of Fortinet appliances come during a heightened period of China state-linked malicious activity targeting networking equipment.

By Matt Kapko • Feb. 12, 2024

JetBrains warns of another critical CVE in on-premises TeamCity servers

The new vulnerability disclosure comes two months after authorities warned of other TeamCity exploitation activity linked to Midnight Blizzard.

By David Jones • Feb. 7, 2024

Ivanti VPNs face renewed threat activity after initial patch release and new CVEs

After weeks of mitigation efforts, CISA ordered federal civilian agencies to disconnect the devices.

By David Jones • Feb. 6, 2024

Schneider Electric restores sustainability operations after attack

The energy management company is still investigating the ransomware attack, which led to the theft of data.

By David Jones • Feb. 6, 2024

Delayed Ivanti patch arrives after weeks of exploitation

The company also disclosed two additional high-severity vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.

By David Jones • Jan. 31, 2024

MOVEit liabilities mount for Progress Software

The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

By Matt Kapko • Jan. 30, 2024

AI-generated code leads to security issues for most businesses: report

More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

By Lindsey Wilkinson • Jan. 30, 2024

Popular CI/CD tool Jenkins discloses critical CVE

The open source automation server software is used by more than 11 million developers globally, according to the project’s supporters.

By Matt Kapko • Jan. 29, 2024

Ivanti Connect Secure zero-day patches delayed

Researchers observed attackers attempting to manipulate Ivanti’s internal integrity checker, and the cause for the patch delay remains unclear.

By David Jones • Jan. 29, 2024

Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces are limited.

By Matt Kapko • Jan. 26, 2024

GoAnywhere MFT customers confront yet another critical file-transfer CVE

File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.

By Matt Kapko • Jan. 24, 2024

Atlassian Confluence Data Center under active exploitation in older versions

Security researchers warn that attacks are rapidly accelerating in recent days.

By David Jones • Jan. 23, 2024

CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

By David Jones • Jan. 19, 2024

CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

By Matt Kapko • Jan. 19, 2024

Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative

A suspected state-linked hacker is manipulating an integrity tool used to check systems as customers still await an initial patch.

By David Jones • Jan. 19, 2024

Citrix warns of limited exploitation in a pair of Netscaler zero days

The company said the vulnerabilities are unrelated to CitrixBleed, but urged customers to immediately apply fixes to protect their systems.

By David Jones • Jan. 18, 2024

Progress Software shakes off MOVEit’s financial consequences, maintains customers

Executives described the file-transfer service as one of its stronger performing products and said customers remain loyal.

By Matt Kapko • Jan. 18, 2024

Ivanti Connect Secure exploitation accelerates, 1,700 devices compromised worldwide

Researchers warn additional threat actors are actively working to take advantage of two chained together vulnerabilities.

By David Jones • Jan. 17, 2024

Progress Software’s MOVEit meltdown: uncovering the fallout

Businesses use the file-transfer service because it checks the compliance boxes for keeping data safe. Though initial attacks were targeted, thousands of bystanding businesses were hit indiscriminately.

By Matt Kapko , Julia Himmel • Jan. 16, 2024