A naukri.com initiative
Sentinelone
1M
396
Image Credit: Sentinelone
The Good, the Bad and the Ugly in Cybersecurity – Week 40
- Three IRGC employees have been indicted by the DoJ for hacking former President Donald Trump’s campaign and targeting U.S. campaign officials, members of the media and several NGOs.
- Malicious packages have been found in the Python Package Index (PyPI), posing as cryptocurrency wallet management tools, designed to steal data and digital assets.
- CISA warns of a critical vulnerability in Ivanti's Endpoint Manager (EPM) appliances, which is being actively exploited by threat actors.
- The vulnerability, tracked as CVE-2024-29824, affects EPM’s Core server and allows unauthenticated attackers in the same network to perform remote code execution.
- A joint advisory released by U.S and U.K. cybersecurity agencies warn that IRGC actors are likely to continue using similar tactics to influence elections and target high-profile individuals.
- Threat actors are creating new schemes to drain wallets, ongoing vigilance, and a focus on continuous monitoring and community awareness continue to be critical across both the open-source software and cryptocurrency ecosystems.
- Ivanti appliances have been a frequent target of zero-day exploits this year, including a spate of attacks on the firm’s Connect Secure (ICS) and Policy Secure (IPS) network access control appliances, ZTA gateways, and Cloud Services Appliance.
- Instead of triggering malicious actions during installation, packages remain dormant until specific actions are called via names such as "trustdecoderss" and "phantomdecoderss".
- The Department of State has announced a $10 million reward for information on Jalili, Aghamiri, and Balaghi’s whereabouts.
- Ivanti's CEO outlines the company’s goals to revamp their core engineering, security, and vulnerability management practices.
Read Full Article
23 Likes
For uninterrupted reading, download the app