Misconfigured Selenium Grid servers abused for Monero mining

July 29, 2024 at 02:09AM Threat actors exploit a misconfiguration in Selenium Grid to deploy XMRig for mining Monero. With over 100 million pulls on Docker Hub, the open-source framework allows testing across various environments. Wiz researchers discovered a year-long “SeleniumGreed” attack due to Selenium Grid’s lack of default authentication. Attackers gain remote access via …

TeamViewer says Russia broke into its corp IT network

June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by Russian cyber-spies, Cozy Bear, who gained access to its systems through a worker’s login. The breach was limited to non-production systems, with no evidence of accessing customer data. Similar to previous attacks, the group’s tactics align with known techniques, raising concerns about potential …

TeamViewer can’t bring itself to say someone broke into its network – but it happened

June 27, 2024 at 08:43PM TeamViewer detected an irregularity in its corporate IT environment and promptly called in cybersecurity investigators and implemented remediation measures. While TeamViewer downplays the incident, NCC Group suggests a compromise by an advanced persistent threat (APT) group. Health sector warned of ongoing exploitation by APT29. Investigations are ongoing. Potential impact on customer data …

US, Allies Publish Guidance on Securing Network Access

June 19, 2024 at 08:39AM US, New Zealand, and Canada government agencies release guidance for organizations to adopt modern security solutions like Secure Service Edge (SSE) and Secure Access Service Edge (SASE) to enhance network access security. The document advises transitioning beyond VPNs due to recent cyber incidents and advocates for approaches aligned with zero …

Microsoft deprecates Windows DirectAccess, recommends Always On VPN

June 12, 2024 at 11:08AM Microsoft has deprecated its DirectAccess remote access solution and recommends that companies transition to ‘Always On VPN’ for increased security and ongoing support. Always On VPN, introduced as a successor to DirectAccess, supports modern VPN protocols and is more flexible, requiring users to plan and execute a migration to avoid …

Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero

May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN …

Check Point VPN Attacks Involve Zero-Day Exploited Since April

May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April …

Check Point releases emergency fix for VPN zero-day exploited in attacks

May 29, 2024 at 09:34AM Check Point releases hotfixes for VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results …

Check Point VPN Targeted for Initial Access in Enterprise Attacks

May 28, 2024 at 05:33AM Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and …

Hackers target Check Point VPNs to breach enterprise networks

May 27, 2024 at 02:24PM Check Point warns of ongoing campaign targeting Remote Access VPN devices, affecting enterprise networks. Attackers exploit old local accounts’ insecure password-only authentication. Check Point advises customers to secure accounts and install a hotfix to block login attempts using password-only authentication. Cisco also reported credential brute-forcing attacks on VPN and SSH …