IT Security Newsletter - 1/15/2024

Top News

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure (ICS) - the VPN server appliance previously known as Pulse Connect Secure - and its Policy Secure gateways on Wednesday. At the time the biz said someone or some group had already found and exploited the holes. A spokesperson for Ivanti told The Register the victim count was "less than 10." READ MORE...

Hacking

Secret multimillion-dollar cryptojacker snared by Ukrainian police

The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation. Supported by the National Police of Ukraine, Europol arrested a 29-year-old, whose identity is being withheld, this week in Mykolaiv, Ukraine. An unnamed cloud provider worked with Europol et al to bring the crook into custody - an effort that also saw three properties raided as authorities built up their portfolio of evidence against them. READ MORE...


Hyundai MEA X Account Hacked, Followed by Crypto Promotion

The social media account for Hyundai MEA (Middle East & Africa) was taken over to distribute cryptocurrency promotions. The Hyundai MEA account on X (formerly Twitter) was briefly changed to impersonate Overworld, a role-playing game that is backed by the venture capital and incubator arm for the Binance cryptocurrency exchange. The takeover took place earlier this week and saw text and images changed on Hyundai MEA's X account, with posts offering registration to claim "btc domains." READ MORE...

Software Updates

GitLab Patches Critical Password Reset Vulnerability

A vulnerability in GitLab's email verification process could allow attackers to hijack the password reset process. The issue, tracked as CVE-2023-7028 and introduced in GitLab 16.1.0, can be exploited to have password reset messages sent to an unverified email address. GitLab 16.1.0 was released with the option to have password reset emails sent to a secondary email address, to prevent cases where users could not reset their passwords because they did not have access to the primary email inbox. READ MORE...


Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat actor to carry out a denial-of-service (DoS) attack, an RCE attack, or gain root privileges on exposed devices. "This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory," Juniper noted. READ MORE...

Information Security

Lazy use of AI leads to Amazon products called "I cannot fulfill that request"

Amazon users are at this point used to search results filled with products that are fraudulent, scams, or quite literally garbage. These days, though, they also may have to pick through obviously shady products, with names like "I'm sorry but I cannot fulfill this request it goes against OpenAI use policy." As of press time, some version of that telltale OpenAI error message appears in Amazon products ranging from lawn chairs to office furniture to Chinese religious tracts. READ MORE...

Exploits/Vulnerabilities

Information Stealer Exploits Windows SmartScreen Bypass

A recent vulnerability in Windows SmartScreen is actively exploited in attacks leading to Phemedrone Stealer infections, cybersecurity firm Trend Micro reports. The security defect, tracked as CVE-2023-36025 (CVSS score of 8.8), came to light on November 14, 2023, when Microsoft released patches for it and the US cybersecurity agency CISA added it to its Known Exploited Vulnerabilities catalog, based on evidence of in-the-wild exploitation. READ MORE...


Joomla! vulnerability is being actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats. READ MORE...


CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added a privilege escalation vulnerability affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). SharePoint is a popular, cloud-based document management and storage system, which is also variously used by companies to implement internal applications and business processes, and share resources via an intranet. As recently as 2020, it enjoyed more than 200 million active monthly users. READ MORE...

On This Date

  • ...in 1559, Elizabeth I is crowned Queen of England in Westminster Abbey, London.
  • ...in 1929, American civil rights movement leader Rev. Dr. Martin Luther King, Jr. is born in Atlanta, GA.
  • ...in 1963, cryptographer and information security expert Bruce Schneier is born in New York City.
  • ...in 2001, Wikipedia is first brought online by creators Jimmy Wales and Larry Sanger.