IT Security Newsletter - 1/22/2025
48,000+ internet-facing Fortinet firewalls still open to attack
Despite last week's confirmation of, and warnings about, long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet FortiGate firewalls, over 48,000 vulnerable devices are still reachable from the Internet and open to attack, according to data from the Shadowserver Foundation. On January 10, Arctic Wolf Labs researchers outlined an attack campaign targeting FortiGate firewalls with management interfaces exposed on the public internet. READ MORE...
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. The UDP-based attack occurred last year on October 29 and targeted an internet service provider (ISP) in Eastern Asia in an attempt to bring its services offline. Security and connectivity services provider Cloudflare says that the assault lasted 80 seconds but had no impact on the target and generated no alerts. READ MORE...
Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025
Trend Micro's Zero Day Initiative (ZDI) has announced the results from the first day of the Pwn2Own Automotive 2025 hacking contest taking place this week in Tokyo alongside the Automotive World conference. On the first day of Pwn2Own Automotive 2025, participants earned a total of $382,750 for 16 unique zero-day vulnerabilities affecting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems. READ MORE...
Ransomware groups pose as fake tech support over Teams
Researchers at cybersecurity firm Sophos are tracking multiple clusters of hacking activity leveraging Microsoft 365 instances, Microsoft Teams and email bombing tactics to deliver ransomware. In new research released Tuesday, the company said it had identified at least two distinct clusters of hacking activity using the tactics to infect targets between November and December 2024. READ MORE...
Murdoc Botnet Ensnaring Avtech, Huawei Devices
A new variant of the Mirai malware has been observed exploiting vulnerabilities in Avtech cameras and Huawei routers to ensnare the devices into a botnet, security firm Qualys reports. Dubbed Murdoc Botnet, the malware has been actively targeting Avtech and Huawei devices for roughly six months. According to Qualys, at least 1,300 IPs have been active as part of the campaign. Murdoc has been targeting Avtech AVM1203 IP cameras affected by a high-severity bug leading to remote code execution. READ MORE...
Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks
Separate spinoffs of the infamous Mirai botnet are responsible for a fresh wave of distributed denial-of-service (DDoS) attacks globally. One is exploiting specific vulnerabilities in Internet of Things (IoT) devices to establish "expansive" botnet networks, while the other has been targeting organizations in North America, Europe, and Asia with DDoS attacks since the end of 2024, researchers have found. READ MORE...
Bitbucket services "hard down" due to major worldwide outage
Bitbucket is investigating a massive outage affecting Atlassian Bitbucket Cloud customers worldwide, with the company saying its cloud services are "hard down." This web-based version control repository hosting service, owned by Atlassian, helps developers and teams collaborate on software projects by managing code, tracking changes, and integrating with other tools for development workflows. READ MORE...
7-Zip bug could allow a bypass of a Windows security feature. Update now
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute that Windows, browsers and mail clients add to files sourced from an untrusted location, like the internet or a restricted zone; on NTFS it is stored in the file's Zone.Identifier alternate data stream. The MotW is what triggers warnings (SmartScreen, Office Protected View) that opening or running such a file could lead to potentially dangerous behavior, including installing malware on the user's device. 7-Zip does not update itself, so the fixed build (24.09 or later) has to be installed manually. READ MORE...
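A quick way to check whether your archive tooling actually propagates the Mark-of-the-Web, as an added example that is not part of the newsletter or of 7-Zip itself: the script below reads the Zone.Identifier stream on a downloaded archive, extracts it with whatever 7z.exe is on PATH, and lists any extracted file that came out without the mark. The archive and extraction paths are hypothetical placeholders; the function that re-applies the mark is optional remediation for files that lost it.

```powershell
# Added example (not from the newsletter or from 7-Zip): verify MotW propagation.
# MotW lives in the Zone.Identifier NTFS alternate data stream; ZoneId=3 means
# "Internet". Paths below are assumed placeholders, as is 7z.exe being on PATH.

$archive   = Join-Path $env:USERPROFILE 'Downloads\sample.zip'   # assumed download
$extracted = Join-Path $env:TEMP 'sample-extracted'              # assumed output dir

function Get-MotWZone {
    # Returns the ZoneId recorded in Zone.Identifier, or $null if the file has no mark.
    param([Parameter(Mandatory)][string]$Path)
    $stream = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    foreach ($line in $stream) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Set-MotWInternet {
    # Re-applies the Internet mark so SmartScreen and Office Protected View
    # treat the file as untrusted again.
    param([Parameter(Mandatory)][string]$Path)
    Set-Content -Path $Path -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
}

# 1. The downloaded archive itself should carry the mark (browsers write ZoneId=3).
"Archive ZoneId: $(Get-MotWZone -Path $archive)"

# 2. Extract with the tool under test, then report files that lost the mark.
#    An extractor that propagates MotW leaves this list empty.
& 7z.exe x -y "-o$extracted" $archive | Out-Null
$unmarked = Get-ChildItem -Path $extracted -Recurse -File |
    Where-Object { $null -eq (Get-MotWZone -Path $_.FullName) }

if ($unmarked) {
    "Extracted files WITHOUT Mark-of-the-Web:"
    $unmarked | ForEach-Object { "  $($_.FullName)" }
    # 3. Optional: restore the mark so downstream protections still fire.
    $unmarked | ForEach-Object { Set-MotWInternet -Path $_.FullName }
} else {
    "All extracted files carry the Mark-of-the-Web."
}
```

Run it on an archive that was genuinely downloaded through a browser, since a file copied from a local share or created by a script will never have had the stream to begin with and the check would report a false negative.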
- ...in 1931, singer/songwriter and "King of Soul" Sam Cooke is born in Clarksdale, MS.
- ...in 1940, veteran English actor John Hurt ("The Elephant Man", "Alien", "I, Claudius") is born in Derbyshire.
- ...in 1953, film director Jim Jarmusch ("Down By Law", "Dead Man") is born in Cuyahoga Falls, OH.
- ...in 1984, Apple Computer airs its Super Bowl commercial inspired by George Orwell's "1984", introducing the Macintosh personal computer, which goes on sale two days later.