2024
Nokia walks the walk about its RAN to play on Uncle Sam’s China fears
It pays not to be Huawei, and the US military can be lucrative, too Comment A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant Nokia’s decision to do so in the USA this week tells a bigger story…
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
Infecting networks via years-old CVEs that should have been patched by now Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…
Locking down the edge
Watch this webinar to find out how Zero Trust fits into the edge security ecosystem Commissioned Edge security is a growing headache. The attack surface is expanding as more operational functions migrate out of centralized locations and into distributed sites and devices.…
Patch now: Critical VMware, Atlassian flaws found
You didn't have anything else to do this Tuesday, right? VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.…
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs
Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims.…
Ivanti zero-day exploits explode as bevy of attackers get in on the act
Customers still patchless and mitigation only goes so far There's a "reasonable chance" that Ivanti Connect Secure (ICS) VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.…
China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia
‘Inaccessible and autonomous armed group territories’ host crooks who use tech to launder cash, run slave scam gangs, and more Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that,…
Thousands of Juniper Networks devices vulnerable to critical RCE bug
Yet more support for the argument to adopt memory-safe languages More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
The bug with a perfect 10 severity score has been ripe for exploitation since May GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…
FTC secures first databroker settlement banning sale of sensitive location data
Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns Infosec in brief The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…