Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Apr 11, 2025 | Ravie Lakshmanan | Network Security / Vulnerability
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched ...

Vulnerabilities & Exploits

Don’t give your email to strangers, use a decoy address instead – ET CISO
You’ve heard of burner phones. What about burner email? So much of the internet now requires that you hand over your email address before you’re able to use any services – from an app you’ve downloaded to signing up for a newsletter or redeeming a ...

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. “‘Fast flux’ is a technique used ...

BFSI firms face rising AI risks as data security and quality concerns intensify – ET CISO
The rapid integration of artificial intelligence (AI) in the banking, financial services, and insurance (BFSI) sector is straining traditional data infrastructures, creating a difficult balance between security, data quality, and sustainability. A recent survey by Hitachi Vantara reveals that 84% of BFSI leaders ...

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Mar 30, 2025 | Ravie Lakshmanan | Vulnerability / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. “RESURGE contains capabilities of the ...

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Mar 27, 2025 | Ravie Lakshmanan | Email Security / Malware
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the ...

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Mar 22, 2025 | Ravie Lakshmanan | Financial Security / Cryptocurrency
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. “Based on the Administration’s review of the ...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects ...

UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025 | Ravie Lakshmanan | Threat Hunting / Vulnerability
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. “UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination ...

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Mar 18, 2025 | Ravie Lakshmanan | Vulnerability / Windows Security
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked ...
Firewall Security Company India Complete Firewall Security Solutions Provider Company in India











