July 2, 2024 at 12:49AM An Australian man has been charged with creating fake Wi-Fi access points during a domestic flight to steal user data. The suspect impersonated legitimate networks, prompting victims to enter personal information. He faces multiple charges and potentially 23 years in prison if convicted. Authorities advise using reputable VPNs for public … Read more
June 3, 2024 at 08:12AM Cybersecurity software vendor Check Point detected a zero-day vulnerability being actively exploited. The vulnerability, assigned CVE-2024-24919, affects several Check Point products and can result in unauthorized access to sensitive information. Check Point advised users to update their software and harden their VPN posture. Additionally, various other critical vulnerabilities in different … Read more
May 29, 2024 at 09:54AM The US Treasury Department sanctioned three Chinese individuals and Thailand-based companies for operating the 911 S5 botnet. Wang, the primary administrator, and Liu, responsible for laundering money, were targeted along with companies allegedly linked to Wang. The botnet facilitated cybercrime, proxying internet connections for illegal activities, resulting in the loss … Read more
May 29, 2024 at 09:34AM Check Point releases hotfixes for VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results … Read more
May 27, 2024 at 02:24PM Check Point warns of ongoing campaign targeting Remote Access VPN devices, affecting enterprise networks. Attackers exploit old local accounts’ insecure password-only authentication. Check Point advises customers to secure accounts and install a hotfix to block login attempts using password-only authentication. Cisco also reported credential brute-forcing attacks on VPN and SSH … Read more
May 22, 2024 at 01:23PM The Intercontinental Exchange (ICE) has agreed to pay a $10 million penalty to settle charges by the SEC for failing to promptly report a 2021 VPN security breach. ICE, a Fortune 500 company, owns global financial exchanges and employs over 13,000 people. The breach, caused by suspected state hackers, exposed … Read more
April 16, 2024 at 12:14PM Cisco warns about a global large-scale brute force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible … Read more
April 11, 2024 at 08:25AM DuckDuckGo launched ‘Privacy Pro’, a new 3-in-1 subscription service including a VPN, personal data removal, and identity theft restoration. The company, known for its privacy focus, promises a strict no-logs policy for the VPN and provides services to minimize identity theft risks. However, the subscription is on the pricier side … Read more
April 8, 2024 at 10:54AM Researchers at the Shadowserver Foundation discovered thousands of internet-exposed Ivanti VPN appliances vulnerable to a recently disclosed CVE-2024-21894, enabling remote code execution. Ivanti released updates for this and other vulnerabilities, urging users to update instances. ShadowServer found over 16,000 affected Ivanti VPN instances, mostly in the US and Japan, with … Read more
March 27, 2024 at 10:54AM Numerous VPN apps turned Android devices into residential proxies and made their way into the Google Play store, containing a malicious library responsible for enrolling devices as proxy nodes and linked to Asocks, a residential proxy seller. The malicious functionality could be added to any APK through the LumiApps SDK. … Read more