U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies.

US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

December 11, 2024 at 12:06AM The US Treasury and Justice Departments have identified a Chinese firm and an employee, Guan Tianfeng, as responsible for exploiting a 2020 vulnerability in Sophos firewalls. An indictment claims they tested the firewalls to deliver malware, compromising 81,000 devices. Rewards and sanctions have been announced against them.

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

December 10, 2024 at 10:12PM Ivanti has issued security updates for critical vulnerabilities in its Cloud Services Application and Connect Secure products, including flaws allowing privilege escalation and remote code execution. Users are urged to update to the latest versions because active exploitation has been a concern, although Ivanti says it is not aware of current attacks.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

December 10, 2024 at 06:09PM Microsoft’s December 2024 Patch Tuesday introduces a significant security update addressing a Windows zero-day vulnerability (CVE-2024-49138) and 71 patches, bringing the year’s total to 1,020. Critical issues involve exploits in LDAP, Hyper-V, and RDP services, necessitating immediate action from security administrators to mitigate risks.

Wyden proposes bill to secure US telecoms after Salt Typhoon hacks

December 10, 2024 at 04:43PM U.S. Senator Ron Wyden introduced the “Secure American Communications Act” to enhance cybersecurity for American telecoms after breaches by Chinese state hackers. The bill mandates annual security testing, independent auditing, and compliance documentation. FCC Chairwoman Jessica Rosenworcel supports urgent action on telecom network security following these significant hacking incidents.

‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks

December 10, 2024 at 04:05PM The ransomware group “Termite” is exploiting a recently disclosed vulnerability (CVE-2024-50623) in Cleo’s file transfer software, impacting multiple sectors. Although Cleo is developing a new patch, existing versions, including the patched one, remain vulnerable. Researchers advise immediate protective measures for exposed systems until a fix is released.

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

December 10, 2024 at 03:55PM This month, Microsoft has released 72 fixes, with CVE-2024-49138 posing an immediate risk due to active exploitation. Adobe, on the other hand, issued 167 fixes, including 91 for Adobe Experience Manager and critical updates for Adobe Connect. Users are urged to patch vulnerabilities across all platforms promptly.

Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

December 10, 2024 at 03:33PM Microsoft has issued patches for over 70 security flaws, highlighting an actively exploited zero-day vulnerability in Windows’ Common Log File System (CLFS), CVE-2024-49138. Additionally, a critical LDAP remote code execution issue (CVE-2024-49112) has been flagged, with urgent recommendations for mitigation measures.

WPForms bug allows Stripe refunds on millions of WordPress sites

December 10, 2024 at 03:00PM A vulnerability in WPForms, affecting over 3 million sites, allows subscriber users to issue unauthorized Stripe refunds or cancel subscriptions (CVE-2024-11205). A fix was released in version 1.9.2.2. Website owners are advised to upgrade or disable the plugin to prevent potential exploitation and revenue loss.

Ivanti warns of maximum severity CSA auth bypass vulnerability

December 10, 2024 at 02:45PM Ivanti has alerted customers about a severe authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing attackers to gain admin access remotely. Users should upgrade to CSA 5.0.3. The company also patched other vulnerabilities but found no evidence of exploitation prior to disclosure.