Nokia Employee Data Breach: 7,622 Records Exposed in July 2024
In July 2024, Nokia Corporation confirmed a data breach that exposed the personal details of 7,622 employees. This breach was claimed by a threat actor known as 888, who allegedly…
HealthEquity Data Breach Exposes Protected Health Information of 4.3 Million Individuals
In early July 2024, HealthEquity, a prominent U.S. health savings account (HSA) and healthcare services provider, reported a significant data breach. The breach compromised the protected health information (PHI) of…
CVE-2024-3400 – Exploitation of Palo Alto Networks’ PAN-OS
Overview A critical vulnerability, designated as CVE-2024-3400, has been identified within the GlobalProtect component of Palo Alto Networks’ PAN-OS. This zero-day flaw is classified under CWE-77 (Command Injection) due to…
Understanding TIBER-EU: A Comprehensive Guide to Europe’s Cybersecurity Framework
In the rapidly evolving landscape of cyber threats, the importance of robust and sophisticated cybersecurity measures cannot be overstated. One of the key initiatives in this domain is TIBER-EU –…
ICBC hit by ransomware attack
The Industrial and Commercial Bank of China (ICBC), the world’s largest commercial bank, experienced a ransomware attack on its U.S. arm, ICBC Financial Services (FS). This incident, occurring on November…
Critical Vulnerability CVE-2023-39143 in PaperCut Poses RCE Threat to Unpatched Servers
The recently discovered critical security vulnerability in PaperCut’s NG/MF print management software, tracked as CVE-2023-39143 (NVD), has brought attention to the potential risks posed by unpatched Windows servers. This flaw…
Deceptive Python Package ‘VMConnect’ Targets VMware vSphere Users
A recent cybersecurity incident has brought to light a malicious Python package on the Python Package Index (PyPI), posing as the VMware vSphere connector module ‘vConnector’. This package, named ‘VMConnect’,…
Ivanti Patches another Zero-Day Exploited in Norwegian Government Attacks – Active Exploitation Observed
Ivanti has patched another critical vulnerability in its Endpoint Manager Mobile software (formerly MobileIron Core), which was exploited as a zero-day to breach the IT systems of several ministries in…
MikroTik RouterOS Vulnerability: CVE-2023-30799
Introduction In a recent blog post by VulnCheck, a vulnerability in MikroTik RouterOS was discussed in detail. The vulnerability, identified as CVE-2023-30799, affects MikroTik RouterOS up until version 6.49.8 (July…
Risks Associated with Managed File Transfer (MFT) Solutions
Managed File Transfer (MFT) solutions are essential tools for businesses to securely transfer sensitive data. However, like any software, they can be vulnerable to exploits if not properly managed and…