US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

December 11, 2024 at 12:06AM The US Treasury and Justice Departments have identified a Chinese firm and an employee, Guan Tianfeng, as responsible for exploiting a 2020 vulnerability in Sophos firewalls. An indictment claims they tested the firewalls to deliver malware, compromising 81,000 devices. Rewards and sanctions have been announced against them. ### Meeting Takeaways … Read more

‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks

December 10, 2024 at 04:05PM The ransomware group “Termite” is exploiting a recently disclosed vulnerability (CVE-2024-50623) in Cleo’s file transfer software, impacting multiple sectors. Although Cleo is developing a new patch, existing versions, including the patched one, remain vulnerable. Researchers advise immediate protective measures for exposed systems until a fix is released. ### Meeting Takeaways: … Read more

US sanctions Chinese firm for hacking firewalls in ransomware attacks

December 10, 2024 at 11:40AM The U.S. Treasury sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee for involvement in 2020 Ragnarok ransomware attacks on U.S. critical infrastructure. Guan Tianfeng exploited a zero-day vulnerability, compromising 81,000 firewalls globally, including over 23,000 in the U.S. A $10 million reward has been offered for information. **Meeting … Read more

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

December 6, 2024 at 01:07AM A zero-day file read vulnerability in Mitel MiCollab can be exploited with a previously patched bug, allowing unauthorized access to sensitive files. Despite reporting the issue to Mitel over 100 days ago, it remains unpatched. The vulnerability is particularly concerning given the platform’s widespread use. **Meeting Takeaways:** 1. **Vulnerability Overview**: … Read more

‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

November 26, 2024 at 04:44PM In October, Russian hackers exploited two zero-day vulnerabilities affecting Firefox and Windows, allowing them to deploy malicious code via infected websites. The vulnerabilities were swiftly patched, limiting potential damage, primarily impacting targets in North America and Europe. The attackers utilized fake domains related to IT services to spread the malware. … Read more

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024 at 06:18AM The Russia-aligned group RomCom has exploited two zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows to install their backdoor malware on victim systems without user interaction. The attacks utilize a fake website to redirect users, highlighting RomCom’s advanced capabilities and its history of cybercrime since 2022. ### Meeting Takeaways – … Read more

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

November 19, 2024 at 06:11PM Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft. ### Meeting Takeaways … Read more

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

November 19, 2024 at 03:00PM Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5. **Meeting Takeaways:** 1. **Vulnerability Identified**: … Read more

Palo Alto Networks tackles firewall-busting zero-days with critical patches

November 19, 2024 at 10:35AM Palo Alto Networks has issued patches for two zero-day vulnerabilities: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation. Users are urged to update urgently. The company warns of ongoing exploitation, particularly from VPN services, and advises restricting access to management interfaces. ### Meeting Takeaways: 1. **New Vulnerabilities … Read more

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available. ### Meeting Takeaways … Read more