IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack

December 12, 2024 at 04:13PM Ruijie Networks has patched 10 vulnerabilities in its Reyee cloud management platform that could have allowed attackers to take control of thousands of devices. Researchers from Claroty, who developed the “Open Sesame” attack, highlighted weaknesses in device authentication that could enable attackers to impersonate the cloud platform and exploit connected devices, raising IoT security concerns.

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies.

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

December 10, 2024 at 10:12PM Ivanti has issued security updates for critical vulnerabilities in its Cloud Services Application and Connect Secure products, including flaws allowing privilege escalation and remote code execution. Users are urged to update to the latest versions because active exploitation has been a concern, although Ivanti is not aware of current attacks.

The Future of Network Security: Automated Internal and External Pentesting

December 10, 2024 at 08:06AM As cyber threats evolve, automated internal and external pentesting becomes essential for organizations. These cost-effective solutions enable frequent and thorough security assessments, addressing both insider and perimeter risks. Automated tools, like vPenTest, offer detailed insights, streamline compliance, and empower IT teams to enhance their security posture proactively.

OpenWrt Sysupgrade flaw let hackers push malicious firmware images

December 9, 2024 at 05:33PM A vulnerability in OpenWrt’s Attended Sysupgrade feature for creating custom firmware images may have enabled the distribution of malicious firmware packages, posing a security threat to users.

**Meeting Notes Takeaways:**

1. **Issue Identified**: A flaw exists in OpenWrt’s Attended Sysupgrade feature.
2. **Impact**: The flaw could potentially enable the distribution …

QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks.

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

December 6, 2024 at 07:30AM SonicWall released urgent patches for multiple high-severity vulnerabilities in the SMA100 SSL-VPN gateway, including buffer overflow flaws (CVE-2024-45318, CVE-2024-53703) allowing remote code execution, a path traversal issue (CVE-2024-38475), and an authentication bypass (CVE-2024-45319). Users must update to firmware version 10.2.1.14-75sv.

Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels

December 5, 2024 at 05:21PM BlueAlpha, a Russian APT group, has adapted its malware delivery by exploiting Cloudflare Tunnels to deploy GammaDrop malware. This method conceals staging infrastructure, enabling HTML smuggling attacks and evading detection. Insikt Group recommends enhancing email security, flagging suspicious attachments, and implementing network monitoring to counter these threats.

U.S. org suffered four month intrusion by Chinese hackers

December 5, 2024 at 05:20PM A major U.S. organization with a strong presence in China experienced a data breach by China-based threat actors, who infiltrated its networks and maintained access from April to August 2024.

**Meeting Notes Takeaways:**

1. **Incident Overview**: A large U.S. organization with a strong presence in China has experienced a security …

Bootloader Vulnerability Impacts Over 100 Cisco Switches

December 5, 2024 at 07:31AM Cisco has released patches for a significant vulnerability in NX-OS bootloader software (CVE-2024-20397) that could let attackers bypass image signature verification. Affecting over 100 models, the flaw requires physical access for exploitation. Cisco advises immediate updates, although no known exploits are reported. Discontinued devices will not receive patches.