Recent Security News
-
Hacker spins up 1 million virtual servers to illegally mine crypto
January 13, 2024 at 09:31PM A 29-year-old Ukrainian man was arrested for orchestrating a massive cryptojacking scheme, using hacked accounts to create 1 million virtual servers and mine $2 million in cryptocurrency. Europol, in collaboration with Ukrainian authorities, tracked down the hacker, who is now facing criminal charges under the Criminal Code of Ukraine. Mitigating…
-
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
January 13, 2024 at 06:54AM Juniper Networks released updates to fix a critical remote code execution vulnerability in its SRX Series firewalls and EX Series switches, tracked as CVE-2024-21591 with a CVSS score of 9.8. The flaw can allow attackers to cause Denial-of-Service or Remote Code Execution, affecting specific Junos OS versions. Juniper also resolved…
-
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
January 13, 2024 at 05:24AM A 29-year-old Ukrainian national was arrested for a “sophisticated cryptojacking scheme,” making over $2 million in illicit profits. The arrest was made in Mykolaiv with help from Europol and a cloud service provider. The suspect used compromised cloud user accounts to mine cryptocurrencies, avoiding infrastructure costs. Properties were searched for…
-
Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP
January 12, 2024 at 10:42PM GitLab released security updates to address two critical vulnerabilities, CVE-2023-7028 and CVE-2023-5356. CVE-2023-7028 allows account takeover without user interaction, affecting versions 16.1 to 16.7. CVE-2023-5356 enables execution of slash commands as another user through Slack/Mattermost integrations. Users are advised to upgrade instances and enable 2FA for elevated privileges. Key takeaways…
-
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
January 12, 2024 at 09:25PM Mandiant’s threat intel team identified two zero-day bugs in Ivanti products that were under attack by cyberspies as early as December. Ivanti has disclosed the vulnerabilities in their products and is working on rolling out patches while urging customers to immediately deploy mitigations. The situation is particularly concerning as the…