January 2024

More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims.…

Ivanti zero-day exploits explode as bevy of attackers get in on the act

Customers still patchless and mitigation only goes so far There's a "reasonable chance" that Ivanti Connect Secure (ICS) VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.…

China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

‘Inaccessible and autonomous armed group territories’ host crooks who use tech to launder cash, run slave scam gangs, and more Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that,…

Thousands of Juniper Networks devices vulnerable to critical RCE bug

Yet more support for the argument to adopt memory-safe languages More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…

Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

The bug with a perfect 10 severity score has been ripe for exploitation since May GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…

FTC secures first databroker settlement banning sale of sensitive location data

Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns Infosec in brief  The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…

Ransomware protection deconstructed

Check out the top 12 must see Rubrik product demos of 2023 for tips on how to foil attacks in 2024 Sponsored Post  Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on…

China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

Infosec academic suggests Beijing’s warning that iThing owners aren’t anonymous deserves attention outside the great firewall, too In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world…

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…

Why we update… Data-thief malware exploits SmartScreen on unpatched Windows PCs

Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…

Copyright © 2024 Lugapel