lugapelsiteadmin

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

With 14 serious security flaws found, what a gift for spies and crooks Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control…

NIST’s security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…

‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…

The fix for BGP’s weaknesses has big, scary, issues of its own, boffins find

Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German…

Euro cops arrest 4 including suspected LockBit dev chilling on holiday

And also: What looks like proof that stolen data was never deleted even after ransom was paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware…

Evil Corp’s deep ties with Russia and NATO member attacks exposed

Ransomware criminals believed to have taken orders from intel services The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.…

NCA unmasks man it suspects is both ‘Evil Corp kingpin’ and LockBit affiliate

Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of…

Australian e-tailer digiDirect customers’ info allegedly stolen and dumped online

Full names, contact details, and company info – all the fixings for a phishing holiday Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.…

Rackspace internal monitoring web servers hit by zero-day

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive  Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…

If you’re holding important data, Iran is probably trying spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.…

Copyright © 2024 Lugapel