Cable Haunt lets attackers take complete control when targets visit booby-trapped sites.
The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert that strongly urges users and administrators alike to update a VPN with long-since disclosed critical vulnerabilities. “Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability,” the CISA alert warns, “can become compromised in an attack.” What has dictated the need for this level of government agency interest and the urgency of the language used? The simple answer is the ongoing Travelex foreign currency exchange cyber-attack, thought to have been facilitated by no fewer than seven VPN servers that were late in being patched against this critical vulnerability. The vulnerability in question is CVE-2019-11510, first disclosed way back in April 2019 when Pulse Secure VPN also released a patch to fix it.
Critical VPN security vulnerability timeline
The CISA alert provides a telling timeline that outlines how the Pulse Secure VPN critical vulnerability, CVE-2019-11510, became such a hot security potato. Pulse Secure first released an advisory regarding the vulnerabilities in the VPN on April 24, 2019. “Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS),” that advisory warned, “this includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform a remote arbitrary file access on the Pulse Connect Secure gateway.” An upgrade patch to fix the problem, which had been rated as critical, was made available at the same time. Warning users that the vulnerabilities posed a “significant risk to your deployment,” Pulse Secure recommended patching as soon as possible.
The Department of Homeland Security is preparing for a possible cyberattack from Iran. Officials said it could target finance, energy and telecom companies. Gov. Roy Cooper is urging people to pay attention to keep North Carolina’s computer networks safe.
Cyber-attackers have ramped up their campaigns against the travel industry and those who use it.
Threats of cyber attacks on North America’s electric network systems are growing, industrial cybersecurity firm Dragos said in a new report this week.
This year, the firm has identified two groups, Magnallium and Xenotime, which are increasingly probing to compromise electric assets in North America, expanding their targeting from the oil and gas sector to include electric assets.
“This underscores the trend in threats expanding from single-vertical ICS operations to multi-vertical ICS operations we observe from adversaries targeting industrial entities,” Dragos said in its report.
The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.
This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the Canadian Centre for Cyber Security, and UK’s National Cyber Security Center (NCSC).
Pulse Secure reported the vulnerability tracked as CVE-2019-11510 and disclosed by Orange Tsai and Meh Chang from the DEVCORE research team, and by Jake Valletta from FireEye in an April 2019 out-of-cycle advisory.
Dunwoody officials said Thursday that no data was compromised during the ransomware attack, which was detected on Christmas Eve and is now under investigation by the FBI. The intrusion was quickly identified by staff, which worked with the city’s computer security contractors at InterDev to shut down servers and disconnect computers in order to limit the impact of the attack.
“As soon as we detected a problem, we took immediate steps to protect the city’s infrastructure,” Ashley Smith, InterDev’s director of government services, said in a news release. “Data back-ups were used to fully restore systems with no loss.”
Dunwoody police Chief Billy Grogan said the attackers demanded a ransom be paid in bitcoin, a digital currency. He declined to reveal the amount requested but said the city did not pay.
Cybersecurity company warns that hackers are investigating industrial control systems associated with power infrastructure.
A hacking group believed to be from North Korea is reportedly stepping up its game to continue its cryptocurrency stealing campaigns.
In a statement published yesterday, security researchers from Kaspersky say they found evidence to suggest Lazarus has made significant changes to its attack methodology.
According to Kaspersky, the hacking group is taking “more careful steps” and is employing “improved tactics and procedures” to steal cryptocurrency.