Author: nlqip
A Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access
- by nlqip
MS-ISAC ADVISORY NUMBER: 2024-097 DATE(S) ISSUED: 09/06/2024 OVERVIEW: A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe…
Read MoreTransport for London, the city’s public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. On Monday, the transport authority reported the incident to relevant government agencies (including the National Cyber Security Centre and the National Crime Agency). It is now…
Read More‘We sincerely apologize this incident occurred,’ according to a letter to Avis customers. Avis, the car rental company, has disclosed that threat actors accessed one of its business applications and accessed customer personal information. The Parsippany, N.J.-based company has sent letters dated Sept. 4 to customers whose information was accessed in the breach, according to…
Read MoreFor the week ending Sept. 6, CRN takes a look at the companies that brought their ‘A’ game to the channel including Verizon, Amazon Web services, Salesforce, Palo Alto Networks, and Couchbase. The Week Ending Sept. 6 Topping this week’s Came to Win list is Verizon for striking a $20 billion acquisition deal that will…
Read MoreImage: MidjourneyAmerican car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted customers on Wednesday and filed with California’s Office of the Attorney General, the company took action to stop the unauthorized…
Read MoreSep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.…
Read MoreAfter Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. ActiveX is a legacy software framework introduced in 1996 that enables developers to create interactive objects that can be embedded in Office documents. Redmond will start by turning off ActiveX controls in documents opened…
Read MoreSep 06, 2024Ravie LakshmananSoftware Security / Hacking Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across…
Read MoreSep 06, 2024Ravie LakshmananCryptocurrency / APT Attack A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8)…
Read MoreA new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. A cryptocurrency recovery phrase, or seed phrase, is a series of 12-24 words that acts as a backup key for a cryptocurrency wallet. These phrases are used to restore access…
Read MoreRecent Posts
- New Rockstar 2FA phishing service targets Microsoft 365 accounts
- Russia arrests cybercriminal Wazawaka for ties with ransomware gangs
- Bologna FC confirms data breach after RansomHub ransomware attack
- New Windows Server 2012 zero-day gets free, unofficial patches
- Cybersecurity Snapshot: AI Security Roundup: Best Practices, Research and Insights