Sophos Firewall zero-day bug exploited weeks before fix

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued Read More …

It costs just $7 to rent DCRat to backdoor your network

A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in Read More …

Exploits created for critical F5 BIG-IP flaw – install patch immediately

Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking Read More …

F5 Releases Security Advisories Addressing Multiple Vulnerabilities

F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit Read More …

Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes Read More …

Ransomware: How Attackers are Breaching Corporate Networks

Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most frequently employed tools, tactics, and procedures (TTPs) organizations Read More …

NATO enters final phase of project to refresh cyber security technology

The NCI Agency announced earlier this year that experts had successfully collaborated with industry partners to upgrade the central management of two cyber security systems: the Network Intrusion Protection/Detection System (NIPS) and Full Packet Capture (FPC) system. This contract award Read More …

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in Read More …

DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

The US Justice Department in March carried out an operation that successfully removed malware known as “Cyclops Blink” from vulnerable internet-connected firewall devices, the department announced Wednesday. The operation disrupted the control the Russian Federation’s Main Intelligence Directorate (GRU) had Read More …