News – November 2024


  • SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)

    November 27, 2024

    SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of ...

  • UK Nuclear body opens cyber security hub

    November 27, 2024

    A nuclear body has launched a cyber security hub to help protect itself from IT threats. The Nuclear Decommissioning Authority (NDA) opened the centre at Herdus House in Moor Row, near the Sellafield nuclear plant in Cumbria. It said the Group Cyberspace Collaboration Centre (GCCC) provided a space for experts to share knowledge on how to ...

  • Ransomware attack on Blue Yonder disrupts Starbucks, Sainsbury’s, Morrisons

    November 27, 2024

    Starbucks has confirmed that a ransomware attack on software supplier Blue Yonder has disrupted its internal systems for managing employee schedules and tracking work hours. The incident has primarily affected Starbucks’ North American operations, including approximately 11,000 stores across the United States and Canada. Starbucks says the cyberattack has compromised its ability to track baristas’ hours ...

  • Pakistan tests secret China-like ‘firewall’ to tighten online surveillance

    November 26, 2024

    Pakistan’s government has deployed Chinese technology to build what some senior officials familiar with the project are calling a new, national internet “firewall” that will allow authorities to monitor online traffic and regulate the use of popular apps with greater control than before. The project aims to upgrade the government’s web monitoring capabilities at the country’s ...

  • Russia-linked hackers exploited Firefox and Windows bugs in ‘widespread’ hacking campaign

    November 26, 2024

    Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs — described as such ...

  • SteelFox Leverages Signed Windows Drivers to Attack Kernel

    November 26, 2024

    This week, the SonicWall Capture Labs threat research team investigated a sample of SteelFox malware. This is bundled with “software activators” for JetBrains and Foxit PDF readers. During installation, they run as a service and use vulnerable signed Windows drivers to exploit and attack the kernel. Secondarily, cryptominers such as XMRig are run in memory via ...

  • Analysis of Elpaco: a Mimic variant

    November 26, 2024

    In a recent incident response case, Kaspersky dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the ...

  • Microsoft Outlook, Exchange and Teams calendar are down worldwide

    November 25, 2024

    Microsoft Exchange and Teams Calendar are currently down worldwide, with Outlook also “crashing,” according to users who said they could not view or send emails. The technology company said that it is “investigating an issue impacting users attempting to access Exchange Online or functionality within Microsoft Teams calendar” in a post on social media platform X ...

  • Hackers who inflitrated South African financial system reveal data for a large number people

    November 24, 2024

    A hacking group that claims it fraudulently collected Social Relief of Distress (SRD) grants and infiltrated South Africa’s financial system through credit bureaus has released data appearing to belong to Absa and Standard Bank customers. N4aughtySecGroup contacted the media earlier this month with a warning that it had breached several credit bureaus and used its access ...

  • Internet, mobile services disrupted in major cities, including Karachi, Islamabad

    November 24, 2024

    Communication services across Pakistan are hit by significant disruptions as the Pakistan Tehreek-e-Insaf (PTI) gears up for its much-anticipated “do-or-die” protest in Islamabad. Major cities like Karachi, Islamabad, and Rawalpindi have reported interruptions in mobile internet and other services, causing inconvenience for residents and businesses alike. These outages are part of the government’s intensified security measures ...