Over 178K SonicWall Firewalls Exposed to DoS and RCE Attacks
Around 178,000 SonicWall firewalls have management interfaces exposed to the internet that are vulnerable to two flaws, CVE-2022-22274 and CVE-2023-0656, which allow denial of service and potentially remote code execution. One of the two flaws is rated as enabling RCE. SonicWall says it has received no reports of exploitation; the scan that produced the figure detected over 500,000 vulnerable devices worldwide. The practical mitigation is the same as for any appliance: keep the management interface off the public internet and restrict it to trusted administrative networks, then apply the vendor fixes.
Bigpanzi Botnet Targets 170k Android TV Set-Top Boxes with Custom Malware
The Bigpanzi cybercrime group operates a botnet of about 170,000 active bots, observed across 1.3 million unique IP addresses, the majority of them in Brazil. Bigpanzi infects Android TV set-top boxes by distributing backdoored firmware updates or by tricking users into installing compromised applications. The operators monetize the infected boxes by turning them into nodes for illicit media streaming platforms, traffic proxy networks, distributed denial of service (DDoS) swarms, and over-the-top (OTT) content delivery.
Google Discreetly Changes Chrome’s Incognito Warning Amidst the Google Class Action Lawsuit
Google quietly updated the incognito mode warning in Chrome's Canary build so that it now states that websites and Google itself still collect browsing data in incognito. The change follows a class action lawsuit accusing Google of illegally tracking incognito activity. The updated wording differs from Chrome's stable release and sits uneasily with Google's earlier defense that users had been adequately informed. Google frames the change as added transparency; the approved settlement includes a $40 million payment to users. Taken together, the quiet rewording and the settlement suggest Google had not previously been fully transparent about what incognito mode does and does not prevent: it stops the local browser from keeping history and cookies, but it does nothing to hide traffic from the websites visited, the network operator, or Google's own services.
Hackers Use Androxgh0st Malware Botnet to Steal AWS and Microsoft Credentials: CISA and FBI Issue Warning
CISA and the FBI have warned that the Androxgh0st malware botnet is harvesting AWS and Microsoft credentials. It gains initial access by exploiting known vulnerabilities in PHPUnit (CVE-2017-9841), Apache HTTP Server (CVE-2021-41773) and Laravel (CVE-2018-15133) to achieve remote code execution. Once inside, the attackers create fraudulent pages that give them backdoor access to databases and use the foothold to deploy additional malware. Stolen AWS credentials are used to create new instances and IAM users, which in turn expand the botnet's scanning capacity. The vulnerabilities have been added to CISA's Known Exploited Vulnerabilities Catalog, and federal agencies are directed to remediate them by February.
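Androxgh0st's first stage is noisy: it probes web servers for exposed Laravel `.env` files (which hold AWS keys and mail credentials) and for the PHPUnit `eval-stdin.php` endpoint behind CVE-2017-9841. The following is an added example, not code from the advisory or from any vendor: a small Python detector that runs over constructed Apache access-log lines (the IP addresses and timestamps are made up) and flags each source IP that requested one of these paths, distinguishing a 404 probe from a 200 response that means the `.env` file was actually served. The indicator list is a hypothetical starting point, not an official signature set.

```python
import re
from collections import defaultdict

# Constructed sample Apache access log (not real traffic). The first host probes
# the paths Androxgh0st is known to request; the second is ordinary browsing.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jan/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jan/2024:10:01:03 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jan/2024:10:01:04 +0000] "GET /api/.env?x=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jan/2024:10:02:01 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Common/combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Hypothetical indicator list (an assumption for this example).
INDICATORS = (
    ("env", re.compile(r'(^|/)\.env(\.\w+)?$')),               # /.env, /api/.env, /.env.bak
    ("phpunit_rce", re.compile(r'/vendor/phpunit/.*/eval-stdin\.php$')),  # CVE-2017-9841
)


def parse_line(line):
    """Return a dict with ip, ts, method, path (query string stripped), status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].split("?", 1)[0]
    entry["status"] = int(entry["status"])
    return entry


def classify(path):
    """Return the indicator name that matches the request path, or None."""
    for name, rx in INDICATORS:
        if rx.search(path):
            return name
    return None


def scan_log(text):
    """Group indicator hits by source IP: {ip: [{'path', 'status', 'rule'}, ...]}."""
    hits = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        rule = classify(entry["path"])
        if rule:
            hits[entry["ip"]].append(
                {"path": entry["path"], "status": entry["status"], "rule": rule}
            )
    return dict(hits)


def exposed_secrets(hits):
    """(ip, path) pairs where an .env request got a 200: the file was served and
    every credential in it must be treated as compromised and rotated."""
    return [
        (ip, h["path"])
        for ip, entries in hits.items()
        for h in entries
        if h["rule"] == "env" and h["status"] == 200
    ]


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, entries in found.items():
        print(f"{ip}: {len(entries)} indicator hit(s)")
        for h in entries:
            print(f"  {h['rule']:12} {h['status']} {h['path']}")
    for ip, path in exposed_secrets(found):
        print(f"ALERT: {path} returned 200 to {ip}; rotate the credentials it contains")
```

A 404 on these paths is reconnaissance and is worth blocking at the source IP; a 200 on an `.env` path is an incident, because the AWS keys it held are exactly what the botnet uses to spin up new instances.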
Windows SmartScreen Vulnerability Exploited: Phemedrone Stealer Malware Used for Crypto Siphoning
A crypto-siphoning malware campaign is distributing the Phemedrone stealer by exploiting the Windows SmartScreen bypass CVE-2023-36025 on systems that have not yet applied the patch. Phemedrone steals sensitive data from browsers, cryptocurrency wallets and applications such as Discord and Telegram. The attackers host malicious Internet Shortcut (.url) files that use CVE-2023-36025 to suppress the SmartScreen warning a user would normally see before an untrusted file runs. The published technical analysis traces how the .url file retrieves the loader and the stealer payload that then collects and exfiltrates the victim's data.
Juniper Fixes Junos OS Critical RCE Vulnerability in its SRX and EX Devices
A pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) was discovered in Juniper SRX firewalls and EX switches running older Junos OS versions. The flaw is in the J-Web management interface and allows an unauthenticated attacker to gain root privileges on the device or cause a denial of service. Juniper has released patches and advises disabling J-Web, or restricting access to it to trusted hosts, until the update is applied. Scan data shows over 8,000 exposed devices worldwide.
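The interim mitigation Juniper describes maps to a few lines of Junos configuration. The fragment below is an added example, not taken from Juniper's advisory, showing the weak state (J-Web answering on every interface) beside the two hardened alternatives. The interface name `fxp0.0` is an assumption; the dedicated management port is named differently across platforms (for example `me0` or `vme` on many EX switches), so substitute the one your device actually uses.

```junos
## Weak: J-Web listens on all interfaces, including internet-facing ones
set system services web-management http
set system services web-management https system-generated-certificate

## Hardened, option 1: remove J-Web entirely until the device is patched
delete system services web-management

## Hardened, option 2: keep J-Web but bind it to the out-of-band management interface only
delete system services web-management http
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
```

After `commit`, confirm nothing is still listening on a revenue-facing address with `show configuration system services web-management` and by probing port 443 on a WAN-side address from outside the device.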