Canada: RCMP confirms ‘alarming’ cyber event targeting its networks

The Royal Canadian Mounted Police confirmed to CTV News on Friday that it was dealing with a cyber event that targeted its networks, forcing it to launch a criminal investigation into the breach. “At this time, there is no impact Read More …

China’s top anti-espionage authority warns of secret leaks through smart wearable devices

China’s top anti-espionage authority warned on Friday that various smart wearable devices may become “cyber spies” used by foreign intelligence agencies to carry out espionage activities, posing a threat to national security. The Ministry of State Security (MSS) said on Read More …

ClamAV’s VirusEvent Command Injection Vulnerability

SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized for its comprehensive suite of Read More …

Malawi: Cyber-attack hits immigration service

Malawi’s government has suspended the issuing of passports following a cyber-attack on the immigration service’s computer network. President Lazarus Chakwera told MPs that the targeting of the department amounted to a “serious national security breach”. He revealed that the hackers Read More …

FBI issues warning against using Chinese manufactured drones

Chinese-manufactured unmanned aircraft systems (UAS), more commonly known as drones, continue to pose a significant risk to critical infrastructure and U.S. national security, according to an FBI advisory. While any UAS could have vulnerabilities that enable data theft or facilitate Read More …

A first analysis of the i-Soon data leak

Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the Read More …

re: Zyxel VPN Series Pre-auth Remote Command Execution

On January 25, 2024, SSD Secure Disclosure posted a disclosure titled Zyxel VPN Series Pre-auth Remote Command Execution. The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers attention. The Zyxel VPN series Read More …

Australia: OAIC to investigate legal consultant’s data breach

The Australian Information Commissioner has launched an investigation into a law firm that provides legal and consulting services to the government, in relation to a data breach and the publication of some of that data on the dark web. At Read More …

Europol: Tips & advice to prevent ransomware from infecting your electronic devices

Ransomware is a type of malware that locks your computer and mobile devices or encrypts your electronic files, demanding a ransom payment through certain online payment methods (and by an established deadline) in order to regain control of your data. Read More …