Security News

SonicWall has issued an "Urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life Secure Mobile Access 100 series and Secure Remote Access products. "Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said.

SonicWall has issued an "Urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life Secure Mobile Access 100 series and Secure Remote Access products. "Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said.

A new report finds that fake investment scams have netted the most funds among all the types of active blockchain scams. CryptoMixer.com, a fake Bitcoin tumbler, is the biggest known active blockchain scam in terms of funds collected.

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "Small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "Sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

UPDATE. An October patch for a critical remote code execution bug in a SonicWall VPN appliance turned out to be insufficient. SonicWall originally patched the stack-based buffer overflow vulnerability in the SonicWall Network Security Appliance, tracked as CVE-2020-5135, back in October.

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "Botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. Tracked as CVE-2021-20019, the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure.

South Korea's state-run Korea Atomic Energy Research Institute on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety.

Vaccine passports challenged by data privacy and security implicationsWhile some think vaccine apps could be the key to lifting travel restrictions, challenges have arisen regarding data privacy and security implications. Apple fixes actively exploited vulnerabilities affecting older iDevicesApple has released a security update for older iDevices to fix three vulnerabilities, two of which are zero-days that are apparently actively exploited in attacks in the wild.

South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. The Korea Atomic Energy Research Institute, or KAERI, is the governement-sponsored institute for the research and application of nuclear power in South Korea.

South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. The Korea Atomic Energy Research Institute, or KAERI, is the governement-sponsored institute for the research and application of nuclear power in South Korea.