Vulnerabilities

More than 25,000 SonicWall SSL VPN devices are vulnerable to critical flaws, with 20,000 running outdated SonicOS/OSX firmware that is no longer supported. This analysis by cybersecurity firm Bishop Fox was prompted by key vulnerabilities disclosed this year in SonicWall devices. Ransomware groups, like Fog and Akira, have recently exploited …

Cybersecurity expert, Jeremiah Fowler discovered an unsecured database containing almost 5 million records reportedly relating to Care1 — a Canadian company offering AI software solutions. He reported to VPN mentor that the publicly exposed database was unprotected, passwordless, and not encrypted, totaling 2.2 TB. It included records in PDF format …

GitLab has released a critical security update for several versions of its platform, including versions 17.6.2, 17.5.4, and 17.4.6 for both Community and Enterprise Editions. This update fixes vulnerabilities that could result in account takeovers, denial of service attacks, and data leaks. CVE-2024-11274 (CVSS 8.7) is a critical vulnerability that …

A federal court in Hammond, Indiana, has unsealed an indictment against Guan Tianfeng, a Chinese citizen, for allegedly hacking firewall devices globally in 2020. Guan and his co-conspirators, employed by Sichuan Silence Information Technology Co. Ltd., targeted a previously unknown vulnerability (an “0-day” vulnerability) in firewalls produced by U.K.-based Sophos …

A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows Explorer. The 0patch team found a flaw and reported it to Microsoft, but no official fix has been released yet. 0patch reports that the issue affects all Windows versions from …

On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities, and exploits in ICS. Vulnerabilities found in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s WGS-804HPT switch could severely threaten critical infrastructure if exploited. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software: …

DroidBot is a sophisticated Android Remote Access Trojan (RAT) that merges traditional hidden VNC and overlay functions with spyware-like features. It includes a keylogger and monitoring tools for intercepting user actions, making it effective for surveillance and stealing credentials. A key feature of DroidBot is its dual-channel communication: it uses …

Brain Cipher, a ransomware group that emerged in June 2024, claims to have stolen 1TB of data from Deloitte UK, but this has not been verified. Deloitte, a top professional services firm, is the newest victim listed on Brain Cipher’s dark web site. Hackers claim to have stolen over 1TB …

Multiple vulnerabilities found in I-O DATA routers UD-LT1 and UD-LT1/EX are being actively exploited. JPCERT/CC, a Japanese cybersecurity organization, has warned that these issues could lead to serious attacks, including credential theft, command execution, and total firewall bypass. “The developer states that attacks exploiting these vulnerabilities have been observed,” warns …

National Security Agency (NSA), The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) jointly published guideline to enhanced visibility and hardening guidance for communications infrastructure providing best practices to protect against PRC affiliated threat actor. According to the guideline above mentioned threat actor has compromised networks …