admin

admin

  • Joined: September 10, 2024
  • Articles: 8528

NSA Compromised Over 50,000 Computer Networks with Malware

November 23, 2013

The NSA possesses the capability to track “anyone, anywhere, anytime.” In September, we reported on how the agency, along with GCHQ, used LinkedIn and Slashdot to implant malware targeting engineers at Belgacom, the largest telecom company. Recently, a Dutch newspaper unveiled a new secret document from the NSA, disclosed by former intelligence employee Edward Snowden. This document reveals that the NSA has infiltrated over 50,000 computer networks globally with malware intended for stealing sensitive information. A slide from a 2012 NSA management presentation illustrates a world map pinpointing these targeted locations. The agency employs a method called “Computer Network Exploitation” (CNE), which allows for covert malware installation in computer systems. This malware can be remotely controlled, activated, and deactivated at will. According to the NSA’s own website, CNE encompasses actions that facilitate intelligence collection by exploiting data gathered through computer networks.

NSA Compromises Over 50,000 Computer Networks with Malware November 23, 2013 A recent revelation from a Dutch newspaper, stemming from documents leaked by former NSA contractor Edward Snowden, indicates that the National Security Agency (NSA) has successfully infiltrated more than…

Exploitation of SonicWall SSL VPN Vulnerability and Misconfigurations by Akira Ransomware Group on the Rise

September 11, 2025

Cybersecurity threats linked to the Akira ransomware group have intensified, specifically targeting SonicWall devices for initial breaches. Rapid7 has reported a notable increase in attacks on SonicWall appliances, coinciding with heightened Akira ransomware activity noted since late July 2025. SonicWall recently identified that these SSL VPN attacks exploit a year-old security vulnerability (CVE-2024-40766, CVSS score: 9.3) where local user passwords remained unchanged during migration. “We are seeing a surge in attempts by threat actors to brute-force user credentials,” the company commented. To mitigate risks, they advise enabling Botnet Filtering to block known threats and implementing Account Lockout policies. SonicWall also urged users to review LDAP SSL VPN Default User Groups, highlighting that misconfigurations could represent a “critical weak point.”

SonicWall SSL VPN Vulnerabilities Targeted by Akira Ransomware Group On September 11, 2025, cybersecurity experts reported a significant uptick in cyber intrusions targeting SonicWall devices, particularly those involving the SSL VPN feature. This surge is attributed to ongoing attacks by…

Critical RCE Vulnerability Discovered in the Linux Kernel’s TIPC Module

November 4, 2021

Cybersecurity experts have uncovered a significant security vulnerability in the Transparent Inter-Process Communication (TIPC) module of the Linux Kernel. This flaw could potentially allow both local and remote attackers to execute arbitrary code within the kernel, giving them control over affected systems. Assigned CVE-2021-43267 and rated with a CVSS score of 9.8, this heap overflow vulnerability “can be exploited locally or remotely within a network to gain kernel privileges, enabling attackers to compromise the entire system,” according to a report by cybersecurity firm SentinelOne shared with The Hacker News. TIPC is a transport layer protocol designed for seamless communication between nodes in dynamic cluster environments, offering improved efficiency and fault tolerance compared to traditional protocols like TCP. The vulnerability arises from inadequate validation of user-provided sizes for a new message type.

Significant RCE Vulnerability Discovered in Linux Kernel’s TIPC Module On November 4, 2021, cybersecurity experts disclosed a critical security vulnerability within the Linux Kernel’s Transparent Inter Process Communication (TIPC) module. This flaw, designated as CVE-2021-43267, has been assigned a high…

Malware Leverages Inaudible Audio Signals to Transfer Stolen Data

Dec 03, 2013

If you believe that a computer completely isolated from networks, without USB drives or any electronic connections, is safe from hackers and malware, you might want to reconsider. Recent developments reveal that German scientists have created a proof-of-concept malware prototype capable of infecting computers and digital devices using inaudible audio signals. This method of bridging an air gap presents a formidable threat. Imagine a cyberattack utilizing high-frequency sound waves to not only infect machines but also to transmit stolen data back to the attacker without any network connection—it’s a chilling prospect. Recently, security researcher Dragos Ruiu suggested that malware known as badBIOS enabled infected devices to communicate solely through sound waves, effectively bypassing physical disconnections from networks.

New Malware Exploits Inaudible Audio Signals to Exfiltrate Data On December 3, 2013, researchers revealed a groundbreaking malware prototype capable of transferring stolen data via inaudible audio signals, challenging prevailing assumptions about the security of isolated digital systems. Traditionally, the…

Senator Wyden Calls for FTC Investigation into Microsoft Over Ransomware-Related Cybersecurity Failures

U.S. Senator Ron Wyden is urging the Federal Trade Commission (FTC) to investigate Microsoft for what he describes as “gross cybersecurity negligence” that has facilitated ransomware attacks on critical U.S. infrastructure, particularly targeting healthcare networks. In a detailed four-page letter to FTC Chairman Andrew Ferguson, Wyden warned that Microsoft’s lax cybersecurity practices, combined with its near-monopoly in the enterprise operating system market, create a significant national security risk, making further attacks likely. He likened Microsoft’s behavior to that of “an arsonist selling firefighting services to their victims.” This request follows new revelations from the healthcare provider Ascension, which experienced a devastating ransomware attack last year, compromising personal and medical data of nearly 5.6 million individuals.

Senator Wyden Calls for FTC Investigation into Microsoft Over Cybersecurity Negligence Linked to Ransomware Attacks September 11, 2025 U.S. Senator Ron Wyden has formally requested the Federal Trade Commission (FTC) to investigate Microsoft, alleging severe cybersecurity negligence that has facilitated…

Critical Vulnerability in Cisco Policy Suite Exposes Hardcoded SSH Key, Allowing Remote Root Access

November 5, 2021

Cisco Systems has issued security updates to rectify vulnerabilities in several Cisco products that could enable attackers to log in as root users, gaining control over compromised systems. The vulnerability, identified as CVE-2021-40119, has been assigned a critical severity rating of 9.8 out of 10 on the CVSS scale and originates from flaws in the SSH authentication mechanism of Cisco Policy Suite. According to Cisco’s advisory, “An attacker could exploit this vulnerability by connecting to an affected device via SSH,” warning that a successful exploit could provide the attacker with root access. The issue was uncovered during internal security assessments. Future releases of Cisco Policy Suite (21.2.0 and beyond) will automatically generate new SSH keys upon installation, although devices upgrading from version 21.1.0 will still require a manual process to replace the default SSH keys.

Hardcoded SSH Key in Cisco Policy Suite Exposes Systems to Remote Root Access Vulnerability On November 5, 2021, Cisco Systems disclosed critical security updates aimed at addressing significant vulnerabilities across several of its products. One of the foremost issues identified…

DDoS Attacks Exploit Thousands of Outdated .EDU and .GOV WordPress Blogs

Dec 04, 2013

A recent cyberattack on a forum site revealed that thousands of outdated yet legitimate WordPress blogs were leveraged to execute DDoS attacks through known vulnerabilities. Analysis of the victim’s server logs indicated the involvement of numerous educational (.EDU) and government (.GOV) websites. Previously, we reported similar incidents where attackers compromised WordPress blogs using password brute-force methods or exploited the PINGBACK vulnerability present in older WordPress versions, without needing to gain full control of the servers. WordPress’s Pingback feature allows requests to be initiated from multiple locations, resulting in a single machine being able to send millions of requests. In this recent attack, over 100,000 IP addresses were implicated, with the victim’s forum receiving more than 40,000 requests.

DDoS Attacks Launch from Thousands of Outdated .EDU and .GOV WordPress Blogs In a recent cyber assault against a prominent online forum, thousands of obsolete yet legitimate WordPress blogs were exploited to orchestrate Distributed Denial of Service (DDoS) attacks. This…