Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system.
“An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a

The Hacker News

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits.
The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.”
“A cloud

The Hacker News

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

Security Latest

Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit

The settlement includes reimbursement for out-of-pocket losses, credit monitoring, identity theft insurance, and a cash settlement payment for affected individuals, with an additional payment for California residents.

Cyware News – Latest Cyber News

APIs are Increasingly Becoming Attractive Targets

APIs are being used more than ever by businesses to build and provide better sites, apps, and services to consumers. However, if APIs are not managed or secured properly, they can be exploited by hackers to steal sensitive information.

Cyware News – Latest Cyber News

Purple Teaming and the Role of Threat Categorization

Purple team assessments, where red and blue teams collaborate, can provide a more comprehensive approach to security assessments, but they need to evolve to account for the multitude of attack technique variants.

Cyware News – Latest Cyber News

New Financial Fraud APK Campaign Discovered

A new family of malicious Android Package Kit (APK) files has been discovered targeting Chinese users. The attackers pose as law enforcement officials and claim the victim’s phone number or bank account is involved in financial fraud.

Cyware News – Latest Cyber News

SEC X Account Hack Draws Senate Outrage

Senators from both parties called the Securities and Exchange Commission’s lack of MFA “inexcusable” and demanded an investigation into the regulator’s cybersecurity lapse.

darkreading

CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog

It’s a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.

darkreading

GitLab Releases Updates to Address Critical Vulnerabilities

Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.

darkreading