lugapelsiteadmin
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Evidence mounts of an exploit gatekept within Russia's borders Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…
We know nations are going after critical systems, but what happens when crims join in?
This isn't going to end well Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been honing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos.…
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns
Many versions still without fixes while sophisticated attackers bypass mitigations Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation.…
US shorts China’s Volt Typhoon crew targeting America’s criticals
Invaders inveigle infrastructure The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure.…
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released
Multiple publicly available exploits have since been published for the critical flaw The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…
Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process
Vendor gets tangled in its own web of undisclosed vulnerabilities Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication.…
UK biometrics boss bows out, bemoaning bureaucratic blunders
Questionable institutional change and myriad IT issues pervade the governance landscape The farewell report written by the UK's biometrics and surveillance commissioner highlights a litany of failings in the Home Office's approach to governing the technology.…
SolarWinds slams SEC lawsuit against it as ‘unprecedented’ victim blaming
18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it…
Tesla hacks make big bank at Pwn2Own’s first automotive-focused event
ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Infosec in brief Trend Micro's Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day…
750 million Indian mobile subscribers’ info for sale on dark web
ALSO: Samsung turns to Baidu for Galaxy AI in China; Terraform Labs files for bankruptcy; India's supercomputing ambitions Asia In Brief Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the…