This Week in Cybersecurity: 15th Jan – 19th Jan: 178K SonicWall Firewalls Fell to DoS and RCE Attacks

Written by Gabby Lee

January 22, 2024

This Week in Cybersecurity: 15th Jan - 19th Jan: 178K SonicWall Firewalls Fell to DoS and RCE Attacks

Over 178K SonicWall Firewalls Exposed to DoS and RCE Attacks

178k SonicWall firewalls are exposed online and vulnerable to DoS and potential RCE attacks due to flaws in the appliances’ management interfaces (CVE-2022-22274 and CVE-2023-0656). One flaw enables remote code execution. While SonicWall has no reports of exploitation, over 500,000 vulnerable devices were detected worldwide. Read more

Bigpanzi Botnet Targets 170k Android TV Set Top Boxes with Bigpanzi’s Custom Malware

The Bigpanzi cybercrime group is using a vast botnet consisting of 170,000 active bots with 1.3 million unique IP addresses majority located in Brazil. Bigpanzi gains access to these devices by exploiting firmware updates or by tricking users into installing compromised applications. The perpetrators capitalize on these infections by transforming the compromised set top boxes into nodes for illicit media streaming platforms, traffic proxy networks, distributed denial of service (DDoS) swarms, and over-the-top (OTT) content provision. Read more

Google Discreetly Changes Chrome’s Incognito Warning Amidst the Google Class Action Lawsuit

Google made a quiet update to Chrome’s incognito mode warning in the Canary build, changing the text to state that websites and Google still collect browsing data in incognito. This follows a class action lawsuit accusing Google of tracking incognito activity illegally. The updated warning contrasts Chrome’s stable version and contradicts Google’s previous defense that users were informed. While Google says it offers more transparency, the lawsuit settlement approved giving $40 million to users. The discreet change and lawsuit outcome suggest Google may not have been fully transparent previously about incognito tracking capabilities. Read more

Hackers Use Androxgh0st Malware Botnet to Steal AWS and Microsoft credentials: CISA and FBI Issues Warning

The CISA and FBI have warned of the Androxgh0st malware botnet targeting AWS and Microsoft credentials. It exploits vulnerabilities in PHPUnit, Apache HTTP Server and Laravel to gain RCE. Attackers create fraudulent pages to access databases and deploy other malware. They steal AWS credentials to set up new instances and users to expand scanning. Recent vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog. Agencies are directed to secure systems by February to mitigate risks. Read more

Windows SmartScreen Vulnerability Exploited: Phemedrone Stealer Malware Used for Crypto Siphoning

Crypto-siphoning malware campaign called Phemedrone exploits unpatched Windows SmartScreen vulnerability CVE-2023-36025. Phemedrone can steal sensitive data from browsers, wallets and apps like Discord and Telegram. Attackers hosted malicious URL files to bypass the SmartScreen warning using CVE-2023-36025. Technical details show how the URL retrieves malware payloads to encrypt and steal data. Read more

Juniper Fixes Junos OS Critical RCE Vulnerability in its SRX and EX Devices

A pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) was discovered in Juno’s SRX firewalls and EX switches running older Junos OS versions. The J-Web interface vulnerability allows attackers to gain root privileges or conduct DoS attacks without authentication. Juniper released patches and advised disabling or restricting J-Web access until updating. Data shows over 8,000 exposed devices worldwide. Read more

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!