The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government…
Read More
Network support: Ensure that your network infrastructure, including access points and controllers, support WPA3 and (if desired) the optional OWE for Open Networks. While many newer network devices are WPA3-compatible, older hardware may require updates or replacements. If you’re wanting to utilize certain optional functionality in WPA3, do the research and consider all requirements for…
Read More
The world-renowned auction house Christie’s has confirmed that it has fallen victim to a ransomware attack, seemingly orchestrated by a Russia-linked cybercriminal gang. Two weeks ago the CEO of the world’s wealthiest auction house posted on LinkedIn blamed a “technology security incident” after the Christie’s website went unexpectedly offline. Meanwhile, two employees of Christie’s told…
Read More
A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they’re about to receive a baby grand piano for free. The campaign, discovered by email security firm Proofpoint, was launched in January 2024 and has distributed over 125,000 emails, mainly targeting North American university students and faculty.…
Read More
May 29, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the…
Read More
The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims’ devices using multiple malicious VPN applications bundling proxy backdoors. The VPN apps that added compromised devices to the 911 S5 residential…
Read More
The cybersecurity vendor says that a now-fixed VPN vulnerability has been exploited in attacks. Check Point has released emergency patches for a VPN vulnerability that the cybersecurity vendor said has been exploited in a small number of attacks. Initially disclosed by Check Point on Monday, the company released more details Tuesday as well as fixes…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
Amid warnings of threat actors targeting VPN devices, Check Point has identified a zero-day information disclosure vulnerability impacting Check Point Network Security gateways which has been exploited by malicious actors. Background On May 27, Check Point released a blog post with recommendations on security best practices. According to the original post, Check Point has been…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4978 Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the…
Read More