The Pumpkin Eclipse
Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts. #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard Network Security' appliance, yet another device claiming to be secure and hardened. Their slogan - "you deserve the best security" - implies they are a company you can trust with the security of your network. A bold claim.
Operators of 911 S5 residential proxy service subjected to US sanctions
Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.
Office of Public Affairs | 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation | United States Department of Justice
A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.
.webp?width=92&height=&ar=&mode=&format=avif&dpr=2)
Troy Hunt: Operation Endgame
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog post which
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down...
Botnets disrupted after international action
Continuing a string of successful botnet takedowns, on Thursday, May 30th 2024, a coalition of international law enforcement agencies announced "Operation Endgame". This effort targeted multiple botnets such as IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, as well as some of the operators of these botnets. These botnets played a key part in enabling ransomware, thereby causing damages to society estimated to be over a hundred million euros. This coordinated effort is the largest operation ever against botnets involved with ransomware.
TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog
Our customers’ safety is our utmost priority. In order to protect our customers from any potential security threats, we’ve rolled out major bug-fix releases for several older versions of TeamCity (versions 2022.04 through 2023.11).
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!
Cooler Master allegedly breached, members exposed
Cooler Master, a popular computer hardware maker, has allegedly suffered from a data breach, exposing the company’s corporate data as well as the personal details of members from its fan-based members program. The attackers claim to have stolen 103GB of data from the company’s servers on May 18th. According to the attacks’ perpetrators, the allegedly stolen information carries a trove of sensitive data, including Cooler Master’s Fanzone members’ payment card details.
BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000.
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive
CVE-2024-23108 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
PCTattletale leaks victims' screen recordings to entire Internet
PCTattletale is a simple stalkerware app. Rather than the sophisticated monitoring of many similarly insecure competitors it simply asks for permission to record the targeted device (Android and Windows are supported) on infection. Afterward the observer can log in to an online portal and activate recording, at which point a screen capture is taken on the device and played on the target's browser.
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. The latest edition of Cyber Signals dives deep into the world of Storm-0539, also known as Atlas Lion, shedding light on their sophisticated methods of gift and payment card theft.