JetBrains says TeamCity servers exploited as it defends disclosure policies

The company is publicly disputing with Rapid7 researchers over the timing and detail provided in connection with critical security vulnerabilities.

By David Jones • March 12, 2024

CISA attacked in Ivanti vulnerabilities exploit rush

The nation’s cyber defense agency was hit “about a month ago” by widely exploited vulnerabilities in the popular remote access VPN product.

By Matt Kapko • March 11, 2024

Yet another threat actor seen exploiting ConnectWise ScreenConnect

Kroll researchers identified a new malware variant threat actors are deploying against the rapidly exploited security vulnerabilities. 

By David Jones • March 6, 2024

JetBrains TeamCity a ripe attack target as more vulnerabilities emerge

Despite available security fixes, Rapid7 researchers raised concerns about JetBrains' lack of coordination in vulnerability disclosure.

By David Jones • Updated March 6, 2024

In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly

The incidents highlight rapid ongoing exploitation by criminal threat actors as customers are urged to patch.

By David Jones • March 4, 2024

Ivanti exploit warnings go global as Five Eyes sound alarm

Ivanti pushed back on some of CISA’s findings, claiming no hacker was able to gain persistence when customers followed recommended mitigations.

By David Jones • Updated March 1, 2024

Utility regulators take steps to raise sector’s cybersecurity ‘baselines’

The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.

By Robert Walton • Feb. 29, 2024

ConnectWise ScreenConnect critical CVE lures an array of threat actors

The company is urging all on-premises customers to upgrade to a secure version of the application as different threat groups ramp up exploits. 

By David Jones • Feb. 29, 2024

White House rallies industry support for memory safe programming

Major firms, including HPE, SAP and Palantir back administration's push to reduce critical vulnerabilities linked to software development practices.

By David Jones • Feb. 28, 2024

Ivanti Connect Secure hackers hide in plain sight, evading protections

Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool.

By David Jones • Updated March 1, 2024

ConnectWise ScreenConnect faces new attacks involving LockBit ransomware

A variety of hackers are working to exploit a critical vulnerability in the remote desktop application.

By David Jones • Feb. 23, 2024

ConnectWise ScreenConnect under active exploitation due to critical flaws

Security researchers are urging users to immediately patch their systems after the company warned of an authentication bypass vulnerability that is considered trivial to exploit.

By David Jones • Feb. 22, 2024

Biden administration issues executive order on port cybersecurity

The order will transfer crane manufacturing back to the U.S., amid concerns about potential cyber risk to port facilities, maritime transportation and threats from China.

By David Jones • Feb. 21, 2024

FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

By David Jones • Feb. 16, 2024

Ivanti Connect Secure threat activity continues as researchers flag additional flaws

The company revised a recent vulnerability disclosure after failing to credit security firm watchTowr.

By David Jones • Feb. 12, 2024

Attackers hit more networking gear, this time a critical Fortinet CVE

The active exploits of Fortinet appliances come during a heightened period of China state-linked malicious activity targeting networking equipment.

By Matt Kapko • Feb. 12, 2024

JetBrains warns of another critical CVE in on-premises TeamCity servers

The new vulnerability disclosure comes two months after authorities warned of other TeamCity exploitation activity linked to Midnight Blizzard.

By David Jones • Feb. 7, 2024

Ivanti VPNs face renewed threat activity after initial patch release and new CVEs

After weeks of mitigation efforts, CISA ordered federal civilian agencies to disconnect the devices.

By David Jones • Feb. 6, 2024

Schneider Electric restores sustainability operations after attack

The energy management company is still investigating the ransomware attack, which led to the theft of data.

By David Jones • Feb. 6, 2024

Delayed Ivanti patch arrives after weeks of exploitation

The company also disclosed two additional high-severity vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.

By David Jones • Jan. 31, 2024

MOVEit liabilities mount for Progress Software

The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

By Matt Kapko • Jan. 30, 2024

AI-generated code leads to security issues for most businesses: report

More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

By Lindsey Wilkinson • Jan. 30, 2024

Popular CI/CD tool Jenkins discloses critical CVE

The open source automation server software is used by more than 11 million developers globally, according to the project’s supporters.

By Matt Kapko • Jan. 29, 2024

Ivanti Connect Secure zero-day patches delayed

Researchers observed attackers attempting to manipulate Ivanti’s internal integrity checker, and the cause for the patch delay remains unclear.

By David Jones • Jan. 29, 2024

Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces are limited.

By Matt Kapko • Jan. 26, 2024