Boeing KC-46A Pegasus aerial refueling jet built for the U.S. Air Force at Boeing's airplane production facility on February 22, 2021 in Everett, Washington. While specific companies were not named, defense contractors were among those targeted as part of a campaign by at least two hacking groups that leveraged vulnerabilities Pulse Secure VPN devices. (Photo by David Ryder/Getty Images)

While the cybersecurity community pumps out a seemingly unending list of newly discovered software and hardware vulnerabilities each day, many organizations are far more likely to be compromised in part or in whole by older flaws that have yet to be patched.

In a new blog post released this morning, FireEye’s Mandiant team revealed ongoing exploitation by at least two hacking groups – one of which they linked to China – that represents the worst of both worlds: leveraging older, unpatched vulnerabilities with a dangerous new zero day to attack governments, defense contractors and other businesses in the U.S. and Europe.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.