Palo Alto Networks patches DoS bug in PAN-OS software

Palo Alto Networks on Dec. 26 released a patch for a denial-of-service (DoS) flaw in the DNS security feature of the company’s PAN-OS firewall software. The high-severity 8.7 bug — CVE-2024-3393 — lets an unauthenticated attacker send a malicious packet through the data plane of the firewall that actually reboots the device. Palo Alto said […]

Old D-Link flaws exploited in new botnet attacks

Almost decade-old vulnerabilities in D-Link devices’ Home Network Administration Protocol interface have been exploited to distribute the Mirai-based botnet FICORA and Kaiten-based botnet CAPSAICIN between October and November, SiliconAngle reports. Numerous Linux architectures could be compromised with the FICORA botnet, which features brute-force and distributed denial-of-service attack capabilities while concealing malicious activity through ChaCha20 encryption, an analysis from […]

Disrupting cybercrime: InFocus with Fortinet’s Derek Manky

BleepingComputer reports that intrusions with the new OtterCookie malware and its updated iteration have been launched by North Korean threat actors against software developers as part of the Contagious Interview campaign, which initially involved the deployment of the BeaverTail and InvisibleFerret payloads. Source link

Major NFT fraudsters arrested, indicted

Californian NFT promoters Gabriel Hay and Gavin Mayo have been apprehended and indicted for their involvement in a major rug pull scam that resulted in the theft of $22 million over three years, making it the biggest NFT fraud case yet, according to Hackread. Numerous bogus NFT projects, including “Vault of Gems,” “Faceless,” “Dirty Dogs,” “Clout Coin,” and […]

US charges Brazilian hacker over extortion activities

The U.S. Department of Justice disclosed that Brazilian hacker Junior Barros De Oliveira has been indicted over extorting nearly $3.2 million worth of cryptocurrency from the Brazilian subsidiary of a New Jersey-based firm, which had information from almost 300,000 customers compromised as a result of at least three separate data breaches, The Hacker News reports. After demanding such […]

North Korean hackers, organization sanctioned over illicit cyber activities

CyberScoop reports that South Korea has moved to impose economic sanctions against 15 North Koreans allegedly part of the country’s Ministry of Munitions Industry and the Chosun Geumjeong Economic Information Technology Exchange Corporation over their roles in the global fake IT worker scheme that facilitated widespread cryptocurrency exfiltration and other cyberattacks meant to support North […]

Over $170M cyber, IT contract given by Texas to SAIC

U.S. technology integrator company Science Applications International Corporation has been given a $170.9 million IT and cybersecurity service contract by the Texas Department of Information Resources after the firm’s services were sought by California, Colorado, and Virginia, reports StateScoop. Aside from helping Texas DIR offer cybersecurity monitoring and management services to state agencies, SAIC will […]

Phishing attack compromises General Dynamics employees

Major U.S. aerospace and defense firm General Dynamics has confirmed having dozens of employee benefits accounts breached following a phishing attack in October, SecurityWeek reports. Threat actors leveraged a fake advertising campaign to lure employees into providing their credentials to a phishing website, which were then utilized to infiltrate 37 employees’ Fidelity NetBenefits accounts, said […]

Impact of Japan Airlines cyberattack downplayed amid recovery

Operations at Japan Airlines, the country’s flag carrier, have resumed after the successful restoration of systems as a result of a distributed denial-of-service attack on Thursday, which led to the interruption of some flights, same-day departure ticket sales, and other services, reports The Record, a news site by cybersecurity firm Recorded Future. Additional details have been limited […]