IT Security Newsletter - 12/12/2024
27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season
In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline.
Russia takes unusual route to hack Starlink-connected devices in Ukraine
Russian nation-state hackers have followed an unusual path to gather intel in the country's ongoing invasion of Ukraine: appropriating the infrastructure of fellow threat actors and using it to infect electronic devices its adversary's military personnel are using on the front line. On at least two occasions this year, the Russian hacking group has used servers and malware used by separate threat groups in attacks targeting front-line Ukrainian military forces.
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US government unsealed charges yesterday against a Chinese national who allegedly broke into approximately 81,000 Sophos firewall devices around the world in 2020. Guan Tianfeng, also known as gbigmao and gxiaomao, was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Tianfeng has also been accused of developing and testing a zero-day security vulnerability used to conduct the Sophos attacks.
Apache issues patches for critical Struts 2 RCE bug
We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. According to the National Vulnerability Database (NVD), which published the CVE on Wednesday, Apache scored CVE-2024-53677 a 9.5 using the CVSSv4 framework while Tenable noted a 9.8 rating using CVSSv3 - take your pick.
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins that have known vulnerabilities and available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, or cross-site scripting (XSS), or that let them create backdoor admin accounts.
- ...in 1787, Pennsylvania becomes the second state to ratify the US Constitution, five days after Delaware.
- ...in 1863, Expressionist painter Edvard Munch, best known for "The Scream" (1893), is born in Adalsbruk, Norway.
- ...in 1927, physicist Robert Noyce, co-inventor of the integrated circuit and co-founder of Intel Corporation, is born in Burlington, IA.
- ...in 1963, Kenya declares its independence from the United Kingdom.