- Attackers exploiting a patched FortiClient EMS vulnerability in the wild
December 19, 2024
During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...
- U.S. Considers Ban On Chinese Made TP-Link Routers
December 18, 2024
The United States government is taking aim at TP-Link, a Chinese technology company that dominates the home and small-business router market in the U.S., amid mounting national security concerns. With TP-Link holding a significant 65% market share, federal authorities are investigating potential vulnerabilities in the company’s devices that could be exploited by foreign entities for cyberattacks. Read ...
- Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
December 17, 2024
Red teaming provides essential tools and testing methodologies for organizations to strengthen their security defenses. Cybercriminals and advanced persistent threat (APT) actors pay close attention to new methods and tools red teams develop, and they may repurpose them with a malicious intent. In October 2024, an APT group that Trend Micro tracks as Earth Koshchei (also ...
- Ivanti Releases Security Updates for Multiple Products
December 11, 2024
Ivanti has released security advisories addressing vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure. Ivanti Cloud Services Applicance (CSA) is an appliance that provides secure communication and functionality over the internet. Ivanti Connect Secure and Policy Secure are SSL VPN solutions used for remote and mobile access to corporate resources. Read more… Source: NHS Digital Sign ...
- US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure
December 10, 2024
The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in ...
- Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667
December 2, 2024
Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability. CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via ...
- SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)
November 27, 2024
SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of ...
- Sitting Duck Cyber Attacks – Warning Issued As Websites Targeted
November 20, 2024
A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber ...
- Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
October 31, 2024
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...
- China drafts ‘quantum-proof’ protocol to defend against advanced cyber attacks
October 30, 2024
Scientists from China are aiming to create a communication protocol which can help protect traditional encryption methods from quantum computer attacks. Chinese scientists recently presented a draft document at an internal event held in Sweden which showed their attempts at making a ‘quantum-proof’ communication protocol. Once ready, the protocol will help agencies and governments across the ...