Weekly
Jan 15 - 19, 2024
Google quietly updated Chrome's incognito warning in recent builds following a lawsuit. The new text notes that activity may still be tracked by websites and services like Google despite incognito mode. It previously stated others using the device would not see activity, but now it specifies this does not apply to third party tracking. The stable build still contains the older warning. The changes come after Google settled the class action suit, which claimed Chrome misled users about tracking in incognito tabs. Read more
Over 178,000 SonicWall firewalls with exposed management interfaces were found vulnerable to DoS attacks and remote code execution through two flaws, CVE-2022-22274 and CVE-2023-0656. Researchers scanned and found 76% at risk, with one allowing maintenance mode insertion and the other full remote access via a public proof-of-concept. Read more
The FBI and CISA have warned of the Androxgh0st malware botnet, which targets PHPUnit, Apache, and Laravel vulnerabilities to steal AWS, Microsoft, and other credentials. It uses exploits like RCE to install Spyware searching for API keys and .env files. Stolen credentials may then be used for spam campaigns. Attackers can also create fraudulent sites and AWS instances for further attacks. Mitigations include updates, monitoring PHP files and URIs, and revoking exposed credentials. Read more
A new campaign called Phemedrone uses a Windows SmartScreen vulnerability to install a stealer that siphons crypto and credentials. It deploys by tricking users into opening malicious. URL files exploiting CVE-2023-36025, previously patched in November. These URL files download shelled payloads targeting Discord tokens, wallet data, browser logins and more. Payloads bypass SmartScreen warnings to auto-execute on systems without patches. Data is then sent to attackers via Telegram. Read more
MitM attacks allow threat actors to covertly intercept network traffic, undermining data security. As techniques like packet sniffing and SSL stripping become more advanced, companies need robust protections such as air-gapped and immutable backups, MFA, and network monitoring combined with employee training. Read our blog to strengthen your defenses against modern MitM tactics. Read more
Juniper addressed a critical pre-auth remote code execution flaw in SRX and EX devices. Labeled CVE-2024-21591, it allowed hijacking of enrolled EPM devices and servers through the J-Web interface if exploited. No reports of active attacks emerged, but the vulnerability's potential for unauthorized access and device takeover without credentials warranted an urgent patch from Juniper. Read more
56TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery. Last 3 Units available on half price!
The appliance is a 2U, 8 Bay Rackmount unit with 4x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 1TB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, 1 Year Warranty & Support with 2 hours of professional services included.
This powerful 56TB DR365V Backup and DR appliance leverages Veeam-integration using the built-in Air-Gapped network, power management controller repository and storage controller using fully automated and Veeam integrated isolation technology.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For demos and details, contact us.
Weekly
Jan 8 - 12, 2024
A Ukrainian hacker group tied to intelligence services launched a retaliatory strike on a Moscow ISP. Blackjack hacked M9com servers, wiping 20TB of data and stealing another 10GB from mail servers. The group said it avenged the December attack on Kyivstar in Ukraine. Law enforcement ties Blackjack to Ukraine's SBU. The event follows Russia conducting 9,000 cyberattacks on Ukrainian infrastructure since Ukranian invasion. Read more
Researchers have found that hackers can access Google accounts without passwords by exploiting cookies. In October, an exploit posted on Telegram showed malware using 3rd party cookies to steal data with ongoing access even after password resets. Google confirmed seeing this technique and is securing accounts, urging users to remove malware and enable enhanced browsing. Read more
The Lockbit ransomware group claimed responsibility for a November 2023 attack on Capital Health, a healthcare provider in New Jersey and Pennsylvania. Lockbit posted to its leak site that it stole over 7TB of sensitive medical data from Capital Health and will release it unless paid. While Capital Health investigated the incident and restored systems, Lockbit now threatens to leak the data as well as negotiations. Read more
The SEC's X account experienced a compromise where a fake tweet was issued claiming Bitcoin ETF approval from the SEC chair. This led to a brief spike in Bitcoin's price before being addressed. The fraudulent post included an image of the SEC chair endorsing the news. The SEC confirmed the unauthorized access and is investigating with law enforcement. Read more
In the dynamic realm of enterprise operations, the subtle yet potent threat of Man-in-the-Middle (MitM) attacks requires immediate attention. These attacks silently breach secure communication channels, posing a risk to sensitive data and eroding client trust. This blog delves into the intricacies of MitM attacks, empowering organizations with the insights needed to fortify defenses. Read more
A critical RCE vulnerability (CVE-2023-39336) was found in Ivanti Endpoint Management that could allow unauthorized access and control enrolled devices or the core server. The flaw affected all supported EPM versions prior to 2022 Service Update 5. Attackers on the internal network could potentially exploit it through low-complexity SQL injection to execute arbitrary queries without authentication. While there is no evidence of customer impact, Ivanti restricted advisory access to prevent further exploits. Read more
128TB Veeam, Rubrik, Commvault fully automated immutable and air-gapped backup & DR appliance with object lockdown, file lockdown, incremental and full snapshots, replication, and instant multi-VM recovery for $9,995.
It is a 2U 8-bay rackmount unit fully populated with 8x16TB enterprise SAS drives, 10-core storage virtualization engine, 32GB system memory, 1TB NVMe SSD for virtualization, dual 10Gb RJ-45 Ports, hot-swappable power supply, 12Gb SAS hardware RAID controller.
Data services such as immutable snapshot, encryption (hardware), deduplication (hardware), replication (sync, async), thin provisioning, hot/cold tiering, Flash Cache (NVMe+SSD), WORM (immutable policy-based vault), predictive failure, call home, real-time performance, report, and notification are available as an option if needed.
For demos and details, contact us.